Hi there. This month is full of new stuff!

This is a secret, not for public release yet, cool? We have a new course in Semgrep Academy: Security Headers! With the amazing Scott Helme! I’m so excited to share another free course with you all! 😃 It goes public March 26th, but you can sign up now if you want. Please send me feedback if you have any!

New cookies security cheat sheet! (link to download below). Please send people the link, not the PDF (help me grow please!). Thank you!

Are you going to RSAC in San Francisco from April 28th to May 2? Would you like a free, signed copy of my new book? If so, you’re in luck! I’m doing a book signing at the Semgrep RSAC booth (free books for everyone, up to 300 books total). No need to sign up in advance, just show up at the Semgrep booth on the Expo floor. Each signing will be approximately 1 hour, or 100 books, whichever comes first. See you there?

• Tuesday April 29th, 1:00 pm

• Wednesday April 29th: 11:30 am

• Thursday May 1st: 2:00 pm

New Content!

• StackOverflow podcast! In it, Ryan Donovan and I unpack input validation, the challenges of trusting data sources, and the intersection of security and law. Bonus: what I learned trying to secure a Canadian national election.

• I was on Software Engineering Radio, with host Brijesh Ammanath, and it was a very technical and deep conversation.

• I was on The Application Security Podcast! With Chris and Robert. The best!

• I was on Episode 260 of The Security Ledger Podcast: The Art of Teaching Secure Coding with Tanya Janca

• I was on the Breaking Badness podcast AGAIN (3rd time, seriously, this episode is new)!!! We talked about AppSec's biggest challenges, perverse incentives and zero trust!

• I was on Enterprise Security Weekly! With FIVE hosts to discuss my new book, secure coding, and the perils of ‘writing a book and having a job at the same time’!

Events!

• March 14th, Snowfroc OWASP conference, in Denver, Colorado, USA

• April 28-May 1, RSAC, I’ve been invited to speak on a panel about Security Champions, and am waiting to hear if any of my talk submissions have been accepted

• May 21-23, 2025: NDC in Oslo, Norway

• May 29-30, 2025, OWASP Global AppSec EU, Barcelona Spain

Random Topics Go Here

I’m currently lobbying the Canadian Government to adopt a secure coding guideline based on my new book (which I have provided to them free of charge). I’m working with my local Member of Parliament, Alistair MacGregor, and together we have contacted Ministers Duclos (Share Services) and McGuinty (National Security) to try to start the conversation. If I don’t hear from them in the next month or two I will want to take further steps, and am open to suggestions of how to try to push the Canadian government for better software security. If you have ideas, let me know. I’m considering a petition, and more letters to the Prime Minister’s office… Wish me luck!

We end with a meme.