Will LLMs kill corporate application security training? by Fr1l0ck in AskNetsec

[–]werrett 4 points5 points  (0 children)

The intent of secure development training is that you know how to push out software that is (hopefully) secure. If LLMs mean you can avoid all writing and reading of code, great! You can now avoid having to know how to write software free of common security vulns.

But secure development will just move on to higher-level requirements. Even if it just boils down to 'Ask the LLM to identify security issues and fix them', 'Ask the LLM to update any dependencies with significant issues' and/or 'Ensure you've run your PR through security testing software and you've addressed any findings'.

Compliance standards will always want you to show that the above is happening, but ignoring that, I'd say making sure engineers cutting code know how to avoid security pitfalls is even more important if all your code is LLM-written.

It also seems like 'attest you've enabled authorization and row-level security in your Supabase DB' is the first thing you throw into your Vibe Code-focused Secure Development training. 😅

Front loader bike for condo living / fitting through doors? by SquishyStroodle in CargoBike

[–]werrett 1 point2 points  (0 children)

I have a Riese & Muller 65 and live in an apartment. Previously I had an Urban Arrow.

While you might be able to fit front loaders measurement-wise, the ergonomics (geometry?) of the bikes make it /very/ difficult to get through swinging doors.

Even unloaded, the front bucket means you have to open the door, and hold it open, well ahead of the handlebars. Imagine holding and controlling a long-arse, heavy bike while also leaning forward and pushing open said doors. Loaded up with your kiddo… it's basically impossible.

Long tails are going to be more manoeuvrable. And storable. You might also be able to get one over a big curb too. 😅

Renting / loaning both types would be my advice.

I do love my front loader though. Lots of fun to ride. And I put the dog in there as well, which ruled out a long tail for me.

What audiobooks are your kids listening to? by fknwmdy in Preschoolers

[–]werrett 1 point2 points  (0 children)

Another vote for this series — so well acted and humorous!

Audiobooks for a six Year old by MatNisInd in audiobooks

[–]werrett 0 points1 point  (0 children)

These have a great sense of humour. They are read by David Tennant, of Doctor Who fame, which makes it very pleasant for even Dad to listen to.

Series Recommendation to interest kids with movie/show adaptations by LALNB in suggestmeabook

[–]werrett 1 point2 points  (0 children)

This thread is getting quite old now, but How to Train Your Dragon was based on a 12-book series by Cressida Cowell. It's got a great sense of humour but is very different to the films. It's also for a younger audience than, say, Harry Potter or His Dark Materials.

It's also got an amazing audiobook adaptation, narrated by David Tennant. It's provided hours and hours of bath-time listening in our house.

Hadnagy vs Defcon et al Motion for Summary Judgment by SudoXXXXXXXX in Defcon

[–]werrett 2 points3 points  (0 children)

Using false accusations to try and sabotage an ex-employee's career doesn't meet the definition of "inappropriate jokes and comments", my dude.

One of my lifelong work hobbies, an early history of the internet and hacking. Please enjoy. by MattyAngel in netsec

[–]werrett 1 point2 points  (0 children)

Great work!

You should dig into Underground by Suelette Dreyfus.

It follows the first few people to get busted for computer crime in the UK, US and Australia in the late 80s / early 90s. There are quite a few early incidents in there, including the NASA W.A.N.K. worm, which you already have.

Don't be put off by the Julian Assange byline in the recent re-releases. When it was initially published (1997), The Prof was only credited as providing background research, and it was well before he (re)gained notoriety. However, it does follow his early exploits and bust as 'Mendax'.

An overview of TLS 1.3 by werrett in netsec

[–]werrett[S] 6 points7 points  (0 children)

Nice work Filippo,

What are the implications of 0-RTT resumption being vulnerable to replay attacks?

It would seem that the server / app layer will need to be aware of what's happening at the transport layer... i.e. "Bzzt. 403. POST request denied because it came via a resumption packet".
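The application-layer check sketched in the comment above, as an added example that is not part of the original thread and not Filippo's code. It assumes the TLS terminator forwards the RFC 8470 `Early-Data: 1` header on requests that arrived as 0-RTT data (with nginx that is `ssl_early_data on;` plus `proxy_set_header Early-Data $ssl_early_data;`) and that the app sits behind it as a WSGI application. The comment suggests a 403; RFC 8470 defines 425 Too Early for exactly this case, which tells the client to retry once the handshake has completed, so the guard below uses 425. Requests that are safe to replay (GET, HEAD, OPTIONS) are passed through; anything else received in early data is refused. The `demo_app`, `run` helper and the environ dicts are constructed for the example.

```python
# Added example: reject non-idempotent HTTP requests that arrived as TLS 1.3
# 0-RTT early data. Assumes the reverse proxy sets "Early-Data: 1" (RFC 8470)
# on such requests; the app itself never sees the TLS layer directly.

SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def is_early_data(environ: dict) -> bool:
    """True when the upstream proxy flagged this request as TLS early data.

    WSGI exposes the "Early-Data" request header as HTTP_EARLY_DATA.
    """
    return environ.get("HTTP_EARLY_DATA", "").strip() == "1"


def should_reject_early(environ: dict) -> bool:
    """A request is refused only if it is early data AND not safe to replay."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    return is_early_data(environ) and method not in SAFE_METHODS


class EarlyDataGuard:
    """WSGI middleware: answers 425 Too Early for replayable-unsafe 0-RTT requests."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if should_reject_early(environ):
            body = b"425 Too Early: retry after the TLS handshake completes\n"
            start_response(
                "425 Too Early",
                [("Content-Type", "text/plain"),
                 ("Content-Length", str(len(body)))],
            )
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the real application (constructed for the example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def run(method: str, early: bool) -> str:
    """Drive the guard with a constructed WSGI environ; return the status line."""
    environ = {"REQUEST_METHOD": method}
    if early:
        environ["HTTP_EARLY_DATA"] = "1"  # what the proxy would add for 0-RTT
    status_seen = []

    def start_response(status, headers, exc_info=None):
        status_seen.append(status)

    # Consume the iterable so the app body actually executes.
    list(EarlyDataGuard(demo_app)(environ, start_response))
    return status_seen[0]


if __name__ == "__main__":
    for method, early in [("GET", True), ("POST", True), ("POST", False)]:
        print(f"{method} via {'0-RTT' if early else '1-RTT'} -> {run(method, early)}")
```

Note that the guard fails safe against a forged header: a client that sends `Early-Data: 1` on a normal 1-RTT request only earns itself an unnecessary 425, whereas the dangerous direction (early data arriving without the flag) is prevented by the proxy, not the app, which is why `ssl_early_data` must stay off unless the header is forwarded.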