Episode 3

Does AppSec Still Matter? CVEs, Risk, and Real-World Security

Application security has never been more critical, but are we focusing on the wrong things? In this episode of AppSec.FM, Jerry Hoff sits down with Robert "RSnake" Hansen to explore the true relevance of AppSec in the age of CVEs, compliance, and adversaries who are evolving faster than ever.

Highlights:

  • Why most security risk comes from a small subset of CVEs.
  • The gap between compliance frameworks and real security outcomes.
  • How adversaries actually prioritize targets (hint: money).
  • The cultural factors that shape AppSec debates.
  • Why vulnerability management needs more data-driven approaches.
  • The impact of LLMs on modern cyber attacks.
  • Practical steps for defending web applications.


Guest links:

https://www.linkedin.com/in/roberthansen3/

https://www.rootevidence.com/


AppSec.FM is the podcast for application security professionals, hosted by Jerry Hoff. Subscribe on Apple Podcasts, Spotify, or at appsec.fm.


About your host

Jerry Hoff

For the past two decades, I’ve been on the front lines of application security, leading teams, teaching thousands of developers, and helping shape how organizations around the world defend their software. Along the way I’ve held leadership roles at Aspect Security, WhiteHat Security, Sony Electronics, and NTT, always with the same goal: making technology safer.

Today I run AppSec Training, a boutique company dedicated to transforming security education into something practical, engaging, and impactful.

And now, through AppSec.FM, I get to do what I love most: connect with the brightest minds in cybersecurity, uncover their stories, and explore how we can secure software in an era defined by AI, rapid innovation, and relentless new threats.