Developers Own Code Security: Fix Flaws Before Exploitation

The Pragmatic Engineer · November 26, 2025 · Listen to Original Episode →

Original Title: Code security for software engineers

Related Episodes

Backend Specification and API Design for AI-Driven Frontends

Jan 20, 2026 The Stack Overflow Podcast

Universal frontend interfaces risk overwhelming backend systems. Shift to explicit backend specifications and componentized APIs for performance and user expectation management.

View Episode Notes →

Blockchain and Verifiable AI for Personal Autonomy and Trust

Dec 09, 2025 Beyond The Prompt - How to use AI in your company

Unlock AI's potential with verifiable ownership and decentralized infrastructure, ensuring your AI agents serve your interests and protect against manipulation.

View Episode Notes →

AI Accelerates Coding, Short-Lived Certificates Complicate Trust

Jan 14, 2026 Security Now (Audio)

AI coding assistants democratize software creation and accelerate development, while short-lived certificates and cloud signing services increase complexity and costs.

View Episode Notes →

AI Redefines Roles--Quantum Threats--Elder Care Robots

Dec 04, 2025 The Changelog: Software Development, Open Source

Quantum computers will soon decrypt current encryption, demanding immediate adoption of post-quantum cryptography to secure sensitive data from future harvesting.

View Episode Notes →

Balancing Speed and Stability--Mitigating Tech Debt from Software Development Shortcuts

Jan 02, 2026 The Stack Overflow Podcast

Shortcuts in software development, driven by speed, introduce hidden risks and technical debt. Re-emphasize human oversight and upfront planning to ensure system integrity and sustainable growth.

View Episode Notes →

AI Transforms Software Development Lifecycle and Economic Structures

Dec 09, 2025 The a16z Show

AI transforms software development, creating trillions in value by shifting developers from coding to orchestrating AI agents and enabling rapid legacy code modernization.

View Episode Notes →

Resources

Resources & Recommendations

Books

"The Pragmatic Engineer Deep Dives" - This resource was mentioned for more details on security engineering, implying it contains in-depth information on the topic.

People Mentioned

Johannes Doss (VP of Code Security at Sonar) - A security expert for 20 years who shared insights on code security, application security, and the impact of AI on the field.

Organizations & Institutions

Sonar - Johannes Doss's current company, where he is VP of Code Security. Sonar scans billions of lines of code daily to identify security issues.
MITRE - Runs the CVE (Common Vulnerability Enumeration) list, a database for documenting known vulnerabilities.
Stack Overflow - Mentioned in the context of a survey where only 3% of developers trusted AI-generated code.
OWASP (Open Worldwide Application Security Project) - Their "OWASP Top 10" is a standard awareness document for developers and web application security.

Websites & Online Resources

CVE List (Common Vulnerability Enumeration) - A database for documenting known vulnerabilities, run by MITRE.
GitHub - Mentioned as a common target for attackers who crawl public repositories to steal secrets.
NPM (Node Package Manager) - Referenced in the context of packages being poisoned and dependency security issues in the Node.js ecosystem.
Maven Central - Mentioned alongside NPM as a repository for packages that could be targeted by attackers using "slop squatting" techniques.

Other Resources

Sasser Worm - A specific computer worm from 20 years ago that infected Johannes Doss's computer and sparked his interest in cybersecurity.