Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291

Update: 2024-07-16

Description

How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-influenced tools more effective and useful in the context that developers need -- writing secure code.

Show Notes: https://securityweekly.com/asw-291

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

A TLD Takeover, An LLM CTF, A Firmware Flaw, 6 Truths of Cyber Risk - ASW #299

2024-09-1729:16

Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299

2024-09-1733:10

Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298

2024-09-1056:25

Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault

2024-09-0237:48

Apache HTTPD Vulns, Hacking IoT Speakers, Use Cases for WASM, Slack AI Leak - ASW #297

2024-08-2727:08

Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297

2024-08-2737:21

Navigating the Path to Maturity & AI is helping combat cyber threats - Shimon Modi, Boaz Barzel - ASW #296

2024-08-2039:21

The Fallout and Lessons Learned from the CrowdStrike Fiasco - Allie Mellen, Jeff Pollard - ASW #296

2024-08-2042:38

Reducing Supply Chain Risk & What’s lurking in your phone? - Danny Jenkins, Nikos Kiourtis - ASW #295

2024-08-1334:30

When Appsec Needs to Start Small - Kalyani Pawar - ASW #295

2024-08-1334:22

Dead Code, CrowdStrike's Kernel Lessons, VMs & Security Boundaries, SLUBStick Attack - ASW #294

2024-08-0633:55

Building Successful Security Champions Programs - Marisa Fagan - ASW #294

2024-08-0636:24

A CISO's Perspective on AI, Appsec, and Changing Behaviors - Paul Davis - ASW #293

2024-07-3045:18

SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292

2024-07-2328:57

Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292

2024-07-2336:04

A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291

2024-07-1635:58

Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291

2024-07-1633:06

State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290

2024-07-0938:12

Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters - ASW #290

2024-07-0934:30

Shared Responsibility Models, AI in Offensive Security, Apple's Private Cloud Compute - ASW #289

2024-06-2524:10

00:00

Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291

#box-pro-ellipsis-172687952334731{-webkit-line-clamp:2;}Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291

Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291

Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291