CISA’s Secure by Design Principles, Pledge, and Progress – Jack Cable – ASW #321
Just three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. AppSec has known about these vulnerability classes since the late '90s, and the common defenses (parameterized queries for SQL, context-aware output encoding for HTML) have been known since the early 2000s. Jack Cable talks about CISA's Secure by Design principles and how they're trying to refocus businesses on eliminating whole vuln classes rather than patching individual bugs, and on prioritizing software quality, with security as one of the important dimensions of that quality.
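To make the "known defenses" concrete, here is an added example (not code from the episode, CISA, or the guest) that builds a constructed in-memory SQLite table and shows a string-concatenated lookup beside its parameterized form, plus an HTML template with and without output encoding. The table, usernames and payloads are all invented for the demonstration.

```python
import html
import sqlite3

# Constructed sample data for the demo; not real accounts.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Classic tautology payload: closes the string literal and appends OR '1'='1'.
SQLI_PAYLOAD = "' OR '1'='1"
# Classic reflected-XSS probe.
XSS_PAYLOAD = "<script>alert(1)</script>"


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """SQL injection: attacker text is spliced into the statement, so the
    database parses it as SQL. With SQLI_PAYLOAD the WHERE clause becomes
    username = '' OR '1'='1', which matches every row."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the value travels as a bound parameter and is never parsed
    as SQL, so SQLI_PAYLOAD is just a username nobody has."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_vulnerable(username):
    """Reflected XSS: untrusted text is dropped straight into HTML."""
    return f"<p>Welcome, {username}</p>"


def render_encoded(username):
    """Hardened: encode for the HTML text/attribute context before insertion.
    quote=True also encodes quotes, so the helper is safe inside attributes."""
    return f"<p>Welcome, {html.escape(username, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup  :", lookup_vulnerable(db, SQLI_PAYLOAD))
    print("parameterized lookup:", lookup_parameterized(db, SQLI_PAYLOAD))
    print("vulnerable render  :", render_vulnerable(XSS_PAYLOAD))
    print("encoded render     :", render_encoded(XSS_PAYLOAD))
```

The point Secure by Design makes is visible in the hardened functions: the fix is not a check bolted on per input but a pattern (bound parameters, encoding at the output sink) that, once adopted across a codebase, removes the class rather than the instance.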
Segment Resources:
Announcements
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025
Guest
Jack Cable is a hacker who works at the intersection of cybersecurity and public policy, currently the CEO and Co-Founder of Corridor. Prior to that, Jack served as a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency (CISA), where he helped lead the agency’s Secure by Design initiative. Before CISA, Jack worked as a TechCongress Fellow for the Senate Homeland Security and Governmental Affairs Committee, advising Chairman Gary Peters on cybersecurity policy, including open source software security. He previously worked as a Security Architect at Krebs Stamos Group. Jack is a top bug bounty hacker, having identified over 350 vulnerabilities in hundreds of companies. After placing first in the Hack the Air Force bug bounty challenge, he began working at the Pentagon’s Defense Digital Service. Jack studied computer science at Stanford University and has published academic research on election security, ransomware, and cloud security.