Episode

Securing Software's Journey with the OWASP SPVS - Ido Geffen, Rohan Ravindranath, Cameron W., Farshad Abasi - ASW #378

Podcast
Application Security Weekly (Audio)
Published
Apr 14, 2026
Duration seconds
4190
Canonical source
https://aswaudio.libsyn.com/securing-softwares-journey-with-the-owasp-spvs-ido-geffen-rohan-ravindranath-cameron-w-farshad-abasi-asw-378
Audio
https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_378_1--446e2fae-1a3b-4d52-ac39-c1d97cd2fe9d--audio-converted--25604727-e795-4baf-973c-6832125b96ac.mp3?dest-id=626765

Summary

It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard picks up from where ASVS left off, how it complements other supply chain security efforts like SLSA, and why they updated it with explicit coverage for AI. They show what goes into making a project relevant and -- most importantly -- successful at defending how supply chains are attacked. They're also looking for more feedback and participation! If you build software packages, consume software packages, or have an interest in helping organizations stay secure, check it out!

Resources

  • https://owasp.org/www-project-spvs/
  • https://github.com/OWASP/www-project-spvs/blob/main/1.5/Release Notes OWASP SPVS 1.5-AI-Pipeline-Security.md
  • https://youtu.be/-WoqGDdivGw?si=kK5-csbnTw8Y4g2J -- The Story Behind OWASP SPVS
  • https://slsa.dev

Zero Trust That Actually Ships: Moving From Strategy Decks to Real Security

Most enterprise organizations have been working at Zero Trust for years and fail to deliver truly secure environments. Rohan Ravindranath shares insights that Zappsec has gained from guiding the global teams that are succeeding at protecting their orgs. Discover the common pitfalls so you can deploy a solution that works. This segment is sponsored by Zappsec. Visit https://securityweekly.com/zappsecrsac to learn more about them!

Cloning Attacker Tradecraft: Why AI Pentesting is Becoming Essential

Enterprises ship code continuously, but most security validation still happens in snapshots. Novee CEO and co-founder Ido Geffen explains what "AI penetration testing" means, why it's different from automated scanning, and why it's becoming ess…