O'Reilly Security Podcast - O'Reilly Media Podcast
Meredith Patterson on using language to build trustworthy systems
- Author: Various
- Narrator: Various
- Publisher: Podcast
- Duration: 0:33:03
Information:
Synopsis
The O’Reilly Security Podcast: The origins of LangSec, rigidity vs. robustness, and using game theory to make security better for everyone.

In this episode, I talk with Meredith Patterson, a software engineer and leader of the Langsec Conspiracy. We discuss the origins of LangSec, rigidity versus robustness, and game theory as it applies to organizational approaches to security.

Here are some highlights:

The origins of LangSec

One evening I was having dinner with another fellow grad student who was doing security, and we were talking about SQL injections. He explained to me how it was possible with some web applications or HTML forms to add additional phrases of SQL in such a way that you could trick a database into executing arbitrary queries for you. He was explaining to me that people try to white list or black list against certain regular expressions to try to prevent this from happening, but it doesn't work terribly well. I said, 'That's silly, because SQL is a context free lang