Secure Designs, UX Dragons, Vuln Dungeons: The Art of Secure Product Design
Mike Shema, Kalyani Pawar
BSidesSF 2025 — Here Be Dragons · Day 1 · Main
Recorded live as episode 328 of the Application Security Weekly podcast, this panel-style talk argues that secure design failures are primarily organizational rather than technical — companies already know how to build secure software; they just choose not to prioritize it. The discussion covers secure defaults, developer UX, the liability gap, and how AI code generation is reproducing decades-old vulnerability classes at accelerating scale.
AI review
A podcast recorded live as a talk, which is exactly what it sounds like. The Jack Cable content is excellent — the 'hardening guides should become loosening guides' framing and the DevEx-as-security-control argument are both sharp — but they're diluted by panel preamble and the D&D framing adds nothing. Worth watching for Cable's contributions if you missed his standalone BS25-040.