{"podcast":{"title":"Elixir Wizards","slug":"elixir-wizards","podcast_index_feed_id":674321,"rss_url":"https://feeds.fireside.fm/smartlogic/rss","website_url":"https://smartlogic.fireside.fm","image_url":"https://media24.fireside.fm/file/fireside-images-2024/podcasts/images/0/03a50f66-dc5e-4da4-ab6e-31895b6d4c9e/cover.jpg?v=3","author":"SmartLogic LLC","episode_count":201,"summary":"Elixir Wizards is an interview-style podcast from SmartLogic featuring conversations with developers, engineers, and industry leaders about the Elixir programming language and the broader software development landscape. Each episode explores how modern systems are built, from distributed architectures and infrastructure to developer workflows, security, and emerging technologies like AI. While rooted in the Elixir ecosystem, the show often branches out to compare approaches across languages, platforms, and disciplines. Whether you’re working in Elixir or just interested in how software is evolving, Elixir Wizards offers practical insights and thoughtful perspectives from the people building today’s systems.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/elixir-wizards"},"episode":{"title":"The State of Security in Elixir with Holden Oullette","slug":"the-state-of-security-in-elixir-with-holden-oullette","published_at":"2026-04-30T10:00:00+00:00","page_url":"https://stenobird.com/podcast/elixir-wizards/the-state-of-security-in-elixir-with-holden-oullette","show_page_url":"https://stenobird.com/podcast/elixir-wizards","url":"https://smartlogic.fireside.fm/s15-e01-security-in-elixir-holden-oullette","audio_url":"https://aphid.fireside.fm/d/1437767933/03a50f66-dc5e-4da4-ab6e-31895b6d4c9e/e8e721ef-cf8f-43c9-8120-12b94ab2baab.mp3","summary":"Elixir's functional patterns and server-side rendering provide inherent immunity to many common web vulnerabilities. This discussion explores how the ecosystem is evolving to handle new threats like LLM-generated code and supply chain risks.","meta_description":"Explore the future of Elixir security, from AST-based static analysis with Sobelow to managing supply chain risks and leveraging LLMs for safer developmen…","key_points":["Main idea: Elixir's design, specifically its functional nature and server-side rendering, creates a 'secure-by-default' environment","Practical takeaway: Use deterministic tools like Sobelow for AST-based pattern matching alongside non-deterministic LLMs to catch edge-case vulnerabilities","Failure mode: Relying solely on LLMs for security checks is dangerous because their non-deterministic nature can miss critical vulnerabilities like unauthorized root access","Main idea: The AEGIS initiative and ecosystem-wide efforts are essential for managing supply chain risks and dependency security","Practical takeaway: Leverage Elixir primitives and robust testing to build highly distributed, resilient systems that can withstand large-scale attacks"],"chapters":[{"start_ms":60000,"title":"Introduction to Holden Oullette","summary":"Holden shares his background in cybersecurity and his transition into application security within the Elixir ecosystem."},{"start_ms":240000,"title":"The Philosophy of Secure Development","summary":"A discussion on building security into the software development lifecycle by leveraging frameworks and tools by default."},{"start_ms":425000,"title":"Evolving Security Threats","summary":"An overview of how security concerns shift over time, referencing the OWASP Top Ten and the changing landscape of web vulnerabilities."},{"start_ms":640000,"title":"LLMs and New Attack Vectors","summary":"Exploring how Large Language Models introduce new classes of vulnerabilities and how they can be used to enhance security workflows."},{"start_ms":830000,"title":"Supply Chain and Dependency Security","summary":"The importance of secure, programmatic publishing and the challenges of maintaining trust across the entire dependency chain."},{"start_ms":1005000,"title":"Verifiable Dependencies","summary":"The technical nuances of ensuring every step of the software supply chain is cryptographically verifiable."},{"start_ms":1200000,"title":"Deterministic vs. Non-Deterministic Security","summary":"Comparing the reliability of AST-based static analysis tools like Sobelow against the creative but unpredictable nature of LLMs."},{"start_ms":1765000,"title":"Balancing Speed and Security","summary":"How to implement frequent security checks and dependency updates without slowing down the development velocity."}],"topics":["Elixir","Application Security","Static Analysis","Sobelow","LLMs","Supply Chain Security","Software Development Lifecycle","AST-based Analysis","Phoenix Framework"],"duration_seconds":2514,"processing_state":"processed","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/elixir-wizards/episodes/the-state-of-security-in-elixir-with-holden-oullette/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/elixir-wizards/the-state-of-security-in-elixir-with-holden-oullette.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}