Episode

Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362

Podcast
Application Security Weekly (Audio)
Published
Dec 23, 2025
Duration seconds
4072
Canonical source
https://aswaudio.libsyn.com/modern-appsec-owasp-samm-ai-secure-coding-threat-modeling-champions-sebastian-deleersnyder-dustin-lehr-james-manico-adam-shostack-asw-362
Audio
https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_362_1--a8a141dc-4a96-4050-ba3e-5856849d9695--audio-converted--3e07e2ce-d057-46ab-86a0-f8b18a4beb84.mp3?dest-id=626765

Summary

Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns.

Segment Resources:
  • https://owaspsamm.org/
  • https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-security-with-owasp-samm/

As genAI becomes a more popular tool in software engineering, the definition of "secure coding" is changing. This session explores how artificial intelligence is reshaping the way developers learn, apply, and scale secure coding practices — and how new risks emerge when machines start generating the code themselves. We'll dive into the dual challenge of securing both human-written and AI-assisted code, discuss how enterprises can validate AI outputs against existing security standards, and highlight practical steps teams can take to build resilience into the entire development pipeline. Join us as we look ahead to the convergence of secure software engineering and AI security — where trust, transparency, and tooling will define the future of code safety.

Segment Resources:
  • https://manicode.com/ai/

Understand the history of threat modeling with Adam Shostack. Learn how threat modeling has evolved with the Four Question Framework and can work in your organizations in the wake of the AI revolution.

Whether you're launching a formal Security Champions program or still figuring out where to start, there's one truth every security leader needs to hear: You already have allies in your org -- they're just waiting to be activated. In this session, we'll explore how identifying and empowering your internal advocates is the fastest, most sustainable way to drive security culture change. These are your early adopte…