Secure Coding as Critical Thinking Instead of Vulnspotting – Matias Madou – ASW #357
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for helping developers get beyond the superficial advice of, "Think like an attacker."
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. Matias obtained his Ph.D. in Application Security from Ghent University, focusing on static analysis solutions. He later joined Fortify in the US, where he realized that it was insufficient to solely detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers, alleviate the burden of security, and exceed customers’ expectations. Matias has over a decade of hands-on software security experience. From the research to improve existing solutions to scoping and building new solutions. A dozen patents and a bunch of papers are the result of his research that eventually led to a hand full of commercial products, and has presented at conferences including RSA Conference, BlackHat and DefCon.
