# Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365

Page: https://stenobird.com/podcast/application-security-weekly-audio-436682/secure-by-design-is-better-than-secure-by-myth-bob-lord-asw-365
Text version: https://stenobird.com/podcast/application-security-weekly-audio-436682/secure-by-design-is-better-than-secure-by-myth-bob-lord-asw-365.md
Podcast: [Application Security Weekly (Audio)](https://stenobird.com/podcast/application-security-weekly-audio-436682)
Published: 2026-01-13T10:00:00+00:00
Episode link: https://aswaudio.libsyn.com/secure-by-design-is-better-than-secure-by-myth-bob-lord-asw-365
Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_365_1--ff8665cf-010b-4919-af4a-8d032a0dd72b--audio-converted--54697c33-5f65-43d0-858c-67ae07ffb637.mp3?dest-id=626765
Processing state: not_requested
JSON: https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/secure-by-design-is-better-than-secure-by-myth-bob-lord-asw-365
Duration seconds: 3213

## Resource

Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore -- the security myths and mistakes that crop up in news stories and advice to users. He talks about how these myths come about, why they're harmful, and how they're related to the necessity of building software that's secure by design. Segment Resources: https://www.hacklore.org/ https://medium.com/@boblord/lets-stop-hacklore-d5c86a0fdad8 https://www.cisa.gov/securebydesign https://medium.com/@boblord/recurring-classes-of-software-weaknesses-2007-vs-2025-c2cd56125e1a https://www.ncsc.gov.uk/report/a-method-to-assess-forgivable-vs-unforgivable-vulnerabilities https://99percentinvisible.org/episode/nut-behind-wheel/ https://timharford.com/2022/05/cautionary-tales-short-a-screw-loose-at-17000ft/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-365

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/secure-by-design-is-better-than-secure-by-myth-bob-lord-asw-365/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/application-security-weekly-audio-436682/secure-by-design-is-better-than-secure-by-myth-bob-lord-asw-365.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.