Uniting software development and application security – Jonathan Schneider, Will Vandevanter – ASW #342
Jonathan is the visionary who founded OpenRewrite, an open-source auto-refactoring tool, at Netflix and went on to found the Micrometer project as a member of the Spring Team. He was a Senior Software Engineer at Gradle and a Senior Engineering Manager at Pivotal. Jonathan is the author of “SRE with Java Microservices” and a co-author of “Automated Code Remediation: How to Refactor and Secure the Modern Software Supply Chain,” (both from O’Reilly).
Will Vandevanter is a Security Engineer at Trail of Bits on the AI/ML team, where he specializes in identifying security gaps in AI/ML systems for industry-leading companies. Will has previously spoken at Blackhat, DEFCON, OWASP Global AppSec and a number of other conferences. He has also released popular open source tools and trained hundreds through in-person and online courses.
Mike Shema
- Project Zero: Policy and Disclosure: 2025 Edition
- Who’s SHA is it Anyway: Bypassing Google Cloud Build Comment Control for $30,000 | Adnan Khan’s Blog
- We Asked 100+ AI Models to Write Code. Here’s How Many Failed Security Tests. | Veracode
- FYI: NEW FREE Course: Introduction to JavaScript Security (LFS184) – Linux Foundation – Education
- FYI: An important update (and apology) on our PoisonSeed blog | Expel
An update on the article we covered back in episode 340. In the episode we used the opportunity to talk about the problem of account recovery (and noted that even the article indicated there was no FIDO bypass), but it's still important to note the transparency in updating the article.
It's always useful to use the nuances of account recovery and supporting multiple authentication methods to discuss user experience and secure design.







