After writing 25 editions of the Boring AppSec newsletter, I am super excited to announce the Boring AppSec Podcast. This time, I have a partner in crime! Anshuman and I have been chatting about doing this for many months now and are glad the first episode is out. We plan to publish ~10 episodes this season. I will continue to publish “editions” on the newsletter (written by me and guest writers), but probably at a slower pace (at least for the next few months).
The goal of the Podcast is similar to the newsletter. Take a seemingly boring Security topic and go deep into it. In the coming episodes, we will talk about everything from building Security from the ground up to bug bounty programs and much more.
We also plan to have detailed show notes with each episode with links to every reference we make. Feel free to enter rabbit holes :)
If you prefer listening to Podcasts on a different platform, here are links to the first episode on common platforms such as YouTube, Spotify, and Apple Podcasts.
That’s it for today! Are there topics you’d like us to discuss? What can we do to make the show better? Tell me more! Contact information for Anshuman and me is provided below. If you find this newsletter and podcast useful, share it with a friend or colleague, or on your social media feed.
Show notes:
Welcome to the Boring AppSec Podcast! In Episode 1, we discuss software inventories: what they are, why we need them, and our favorite ways to build them.
References:
We will try and add information about all the references we make here. Please enter rabbit holes at will :)
Cartography - https://github.com/lyft/cartography
GenAI + Cartography
Commercial asset inventory mentioned on the show: https://www.jupiterone.com/
Talk by Sandesh and Satyaki on automating asset inventory generation at Razorpay: https://www.youtube.com/watch?v=8q42Pw9F44k&ab_channel=HasgeekTV
XKCD about too many standards - https://m.xkcd.com/927/
Arvind Narayanan on Gen AI chatbots and rock-paper-scissors: https://x.com/random_walker/status/1755684956502728969?s=20
Emily Oster on parenting - https://emilyoster.net/ . She has now moved her newsletter away from Substack. You can sign up at https://parentdata.org/
Contacting Anshuman
Twitter: https://twitter.com/anshuman_bh
Website: https://anshumanbhartiya.com/
Instagram: https://www.instagram.com/anshuman.bhartiya/
Contacting Sandesh
Twitter: https://twitter.com/JubbaOnJeans/
Website: https://boringappsec.substack.com/