Shows
Rouge SoleilRencontre avec Victor : fondateur d'Origine CascaraBonjour à toutes, bonjour à tous. Vous écoutez Rouge Soleil, le podcast qui parle de café — et plus particulièrement de café de spécialité.Je suis Léopold, fondateur du podcast et de la torréfaction Rouge Soleil.Rouge Soleil le podcast parle avec les acteurs du secteur du café et plus particulièrement du café de spécialité. Mais ou commence le café et ou il s’arrête. Et bien c’est à chacun de décidé, mais pour le podcast on a décidé d’aller un peu plus loin que le café dit café gout café bref vous al...
2026-02-2035 min
The AppSec Management PodcastUnderstanding the Cyber Resilience Act (CRA): What Software and Product Companies Need to KnowIn this episode, Viktor Lukachyk, Security Manager at Sigma Software, joins Nicolas and Dag from Codific to break down the Cyber Resilience Act (CRA) and what it means for software and digital product companies operating in the EU.We discuss how CRA fits alongside regulations like NIS 2 and DORA, which products fall into scope, and why CRA is focused on secure by design principles rather than company level compliance.This episode is a practical discussion for security leaders, product managers, compliance teams, and engineering organizations preparing for CRA and looking for a realistic path forward.In this conversation, you...
2026-02-0347 min
The AppSec Management PodcastFrameworks and maturity models explainedISO 27001, NIST CSF, NIST SSDF, CIS Critical Security Controls Framework. All these things are called frameworks. But what are they really? Why do we need them? And are they only relevant for GRC teams in large organizations? If all your tools show green dashboards, isn’t that enough to claim your software product is secure?In this episode of AppSec Science I explain why frameworks are essential for systematically managing risk across teams, business units and entire organizations. I map out the full domain of application security, from the broad world of information security all the way do...
2026-01-0721 min
LYON DEMAIN Gérald BOUCHONFoch et République : 2 stations de métro, 2 univers artistiquesLes stations de métro Foch et République Villeurbanne ont fait peau neuve. Ces travaux entrent dans le cadre de la rénovation des stations de la ligne A... Une ligne ouverte en 1978Après Charpennes, Masséna ou encore Cordeliers, les travaux, lancés en décembre 2024, pour Foch et République se sont achevés fin 2025. L'objectif des travaux était bien sur de renforcer le confort des usagers, mais aussi continuer de déployer l’art au cœur du réseau TCL. Comme nous l'explique Bruno Bernard, le président du SYTRAL."Nous a...
2026-01-0208 min
The AppSec Management PodcastThe Reality of AppSec Risk Management using CVEs and CVSS scoresMany organizations treat Common Vulnerability Enumerations or CVEs as first class citizens. Some even enforce strict SLAs on CVE remediation times depending on their severity scores expressed with the CVSS metric.The numbers make sense as they are built on top of real and hard data. Moreover, attackers also have access to this data, so building your complete strategy around vulnerability dashboards makes absolute sense.However from a scientific perspective there are (at least) 2 key questions to investigate. First of all, do all CVEs represent actual security problems that need to be addressed? Secondly, do...
2025-12-1835 min
The AppSec Management PodcastThe science of security metrics"If you can’t measure it you can’t improve it.". It is hard to argue with that. But here is the catch, what are we measuring and what are we improving. Measuring the right things right is not a rocket science, but it is a science. Common sense might get you so far, but in my experience common sense is failing us. Organizations are focusing on metrics that are readily produced by tooling, but they turn out to be vanity metrics with little or no correlation with actual security. In this episode, I will unpack...
2025-12-1141 minThe AppSec Management PodcastWhat is the cost of a Data Breach?This episode is based on the the IBM cost of a Data Breach report, for full data refer to the report.https://www.ibm.com/reports/data-breach
2025-12-1116 minThe AppSec Management PodcastHow to comply with CRAThis episode is based on content from the the Codific website. Voices and narrative are AI generated. For full factual acurracy refer to the Codific website. https://codific.com/application-security-insights-and-other-exciting-stories/
2025-12-0514 minThe AppSec Management PodcastOWASP ASVS, an introductionThis content is based on an article written by Nicolas Montauban. Voices and narrative are AI generated, for full factual accuracy refer to the underlying article.https://codific.com/owasp-asvs-a-comprehensive-overview/
2025-11-2712 minThe AppSec Management PodcastThe New OWASP TOP 10, what has changed and why.This podcast is based on the presentations and press releases of the OWASP and Codific team. For the latest insights check the Codific website.
2025-11-2014 minThe AppSec Management PodcastTop Application Security Failures at Fortune 500 CompaniesThis podcast is based on in depth analysis by Dr. Aram Hovsepyan. Voices and narrative are AI generated. For full factual accuracy refer to underlying article.https://codific.com/top-application-security-failures-in-fortune-500-companies/
2025-11-1321 minThe AppSec Management PodcastCVE and CVSS are broken.This podcast is based on in depth analysis by Dr. Aram Hovsepyan. Voices and narrative are AI generated. For full factual accuracy refer to underlying article.https://codific.com/appsec-risk-with-cve-and-cvss/
2025-11-0615 minThe AppSec Management PodcastPrivacy Threat Modeling: Learn all about it from two experts in the field!Learn more about privacy threat modeling in this blog post: https://codific.com/privacy-threat-mo...In this podcast we had a very nice conversation with two experts in the field of privacy threat modeling, Kim Wuyts and Aram Hovsepyan. Privacy threat modeling is a process of identifying and assessing potential threats to an individual's personal information. Kim and Aram are experts in this topic and they helped to develop LINDDUN, a world-renowned methodology for privacy threat modeling. They helped us understand the importance of privacy threat modelling, how it is carried out in organizations, what are the frameworks that currently...
2025-10-3050 minThe AppSec Management PodcastSAMM Assessment: Everything you need to know from industry expertsJoin us on this podcast as we convene with four leading Application Security specialists and focus on the assessment aspect of SAMM.SAMM Assessment is the process of figuring out the current security maturity for a given scope (which can be a team, a business unit or the entire organization). Software Assurance Maturity Model (SAMM) provides a clear-cut questionnaire with 90 multiple-choice questions and a list of quality criteria that represent the definition of done per question. However an objective and correct assessment is not as straightforward as it might seem. There are many issues such as who should conduct...
2025-10-2356 minThe AppSec Management PodcastEmbedding Security into the SDLC: How Sign In Solutions uses SAMMY & OWASP SAMMIn this episode, Jason Mordeno, Director of Compliance and Security at Sign In Solutions, shares how his team embedded application security directly into their SDLC using OWASP SAMM and SAMMY.Discover how Signin Solutions moved beyond ISO 27001 and SOC 2 checklists to create a behavior-driven, developer-friendly AppSec culture, resulting in improved security maturity, better risk posture, and even reduced cyber insurance premiums. Jason also reveals how SAMMY helps communicate security priorities across teams, making security a seamless part of everyday operations.Learn how you can build a resilient and scalable AppSec program with SAMMY.Related Success Story: codific.com/embedding-security-into-the-sdlc
2025-10-1641 minThe AppSec Management PodcastAn introduction to BSIMM, Building Security in Maturity ModelThis content is based on an article written by Nicolas Montauban. Voices and narratives are AI generated. For full factual accuracy please refer to the underlying article:https://codific.com/bsimm-building-security-in-maturity-model-a-complete-guide/
2025-10-0919 minThe AppSec Management PodcastHow to integrate ZAP into Gitlab.This episode is based on an article by Dr. Aram Hovsepyan and Alex Ashkov. Voices and narrative are AI generated. For full factual accuracy refer to the underlying article.https://codific.com/how-to-integrate-zap-in-gitlab/
2025-10-0215 minThe AppSec Management PodcastAppsec case study: Attendance RadarThis narrative is based on content from the Codific and AttendanceRadar Websites. For full factual accuracy please refer to the websites:Codific.comAttendanceradar.com
2025-09-2512 minThe AppSec Management PodcastDefect Management Best PracticesThis content is based on an article written by Nicolas Montauban. Voices and narrative is AI generated, for full factual accuracy refer to the underlying article.https://codific.com/how-to-implement-security-defect-tracking/
2025-09-1120 minThe AppSec Management PodcastPreparing for CRAThis content is based on an interview with Simon Montete. Voices and narrative are AI generated. For full factual accuracy please refer to the underlying article.https://codific.com/prepare-for-cra/
2025-09-0412 minThe AppSec Management PodcastOWASP SAMM vs OWASP DSOMMThis content is written by Nicolas Montauban. Voices are AI generated. For full factual accuracy refer to the underlying article:https://codific.com/dsomm-vs-samm
2025-08-2819 minThe AppSec Management PodcastIntroduction to OWASP DSOMMThis content is written by Nicolas Montauban. Voices and narrative is AI generated. For full factual accuracy refer the the article: https://codific.com/owasp-dsomm-a-comprehensive-introduction
2025-08-2120 minThe AppSec Management PodcastUsing ASVS with SAMM.This content is written by Dr. Aram Hovsepyan.https://codific.com/requirements-driven-testing-the-best-roi-security-practiceVoices and narrative are AI generated. For full factual accuracy refer to the underlying article.
2025-08-1412 minThe AppSec Management PodcastSoftware Security Requirements Explained: Why It Matters and How to Implement It EffectivelyThe content for this podcast is written by Dr. Aram Hovsepyan.https://codific.com/mastering-owasp-samm-security-requirements-explainedNarrative and voices are by AI, for full factual accuracy refer to the article linked.
2025-08-0716 min
LYON DEMAIN Gérald BOUCHONLa Melting Coop : l'alternative au supermarché...L'épicerie coopérative et participative située au 229, cours Emile Zola, à Villeurbanne est un lieu de vie et de consommation responsable. Connue autrefois sous le nom de Demain, l'épicerie a récemment pris un nouveau départ en se rebaptisant La Melting Coop. Et en s'installant entre les Gratte-Ciel et Flachet...Un café qui cache une épicerie... La Melting Coop, c'est d'abord un café presque traditionnel ouvert sur l'extérieur comme pour appeler la clientèle. A l'arrière, un magasin avec quelques 2000 références.Le changement de nom et de lieu marque...
2025-08-0507 min
LYON DEMAIN Gérald BOUCHONLE 1/4H LYONNAIS | lundi 4 aout 2025... L'été à LyonDurant cet été, on vous propose un 1/4H LYONNAIS dans une forme un peu exceptionnelle. Avec des reportages à travers la ville pour vous faire découvrir des lieux, des personnalités, des activités...En 2020 la Ville de Lyon avait lancé un vaste plan de réhabilitation de ses Etablissements d’Hébergement pour Personnes Agées Dépendantes (EHPAD). Ces chantiers arrivent à leur terme. C’est notamment le cas pour l'Ehpad "L'étoile du Jour" dans le 5eme arrondissement. Theophile Eliot s'est rendu sur place...Nos invités : Sandrine Petit, directrice de l'établissement, et...
2025-08-0411 minThe AppSec Management PodcastMistakes to avoid in implementing OWASP SAMMThe content of this episode is written by Dr. Aram Hovsepyan.https://codific.com/how-to-implement-owasp-samm-tooling-example-and-mistakes-to-avoidVoices and narrative are AI generated, refer to the article for full factual accuracy.
2025-07-3117 minThe AppSec Management PodcastStories from practical use of OWASP SAMMThis episode is based on two articles. Voices are AI generated, for full factual accuracy refer to the articles below:https://codific.com/building-security-into-software/https://codific.com/implementing-owasp-samm
2025-07-2421 minThe AppSec Management PodcastHow to implement ISO27001This episode is based on an article written by Michaella Masters. Voices are AI generated for full factual accuracy refer to the underlying article. https://codific.com/how-to-implement-iso-27001
2025-07-1726 minThe AppSec Management PodcastGetting started with the Cyber Fundamentals (Cyfun) framework.This episode is based on an article written by Aram Hovsepyan. Voices are AI generated. Please refer to the underlying article for full factual accuracy.https://codific.com/what-is-cyfun-and-how-to-implement-it
2025-07-1018 minThe AppSec Management PodcastHow to choose good metrics in AppSecThis article is based on a conference talk by Aram Hovsepyan at OWASP Global Appsec Barcelona 2025.Voices are AI generated. For full factual accuracy please refer to the underlying article:https://codific.com/security-metrics-with-purpose-and-strategic-impact/There is also a free course on metrics by Aram Hovsepyan available on Thinkific.https://owaspsamm.thinkific.com/courses/metrics
2025-07-0330 minThe AppSec Management PodcastIntroduction to the SSDLCThis podcast is based on the following article by Nicolas Montauban. Voices are AI generated, for full factual accuracy please refer to underlying article.https://codific.com/what-is-the-ssdlc-a-guide-to-secure-development
2025-06-2615 minThe AppSec Management PodcastImplementing OWASP SAMM: A practical guideThis episode is a practical guide to OWASP SAMM. It is based on the following article:https://codific.com/how-to-implement-owasp-samm-tooling-example-and-mistakes-to-avoid/Voices by Notebook LM
2025-06-1914 min
The Application Security PodcastDag Flachet -- Kaizen for your Appsec ProgramDag Flachet joins us to discuss the concept of Kaizen and its application in improving application security. Dag shares his journey into the world of security, emphasizing the importance of iterative, small-step improvements. The conversation delves into how organizations can effectively implement maturity models to enhance their security programs, the limitations of compliance-focused frameworks like ISO 27,000 and SOC 2, and the practical application of Kaizen principles. They also explore the evolution and future updates of OWASP SAM, and the importance of empowering development teams through a bottom-up approach in security enhancement. Dag is the co-founder of Codific, a professor and...
2025-06-1735 minThe AppSec Management PodcastWhat is FISMA and how to comply with it?This episode is an introduction to FISMA. Voices are by Notebook LM and content is based on the following article:https://codific.com/what-is-fisma-and-how-to-comply-with-it/
2025-06-1218 minThe AppSec Management PodcastSecurity's Four Layers: SDLC to Information SecurityThis episode is about the article by Aram Hovsepyan comparing the different layers in security management.https://codific.com/information-security-and-cybersecurity-understanding-the-layers/Voices by Notebook LM
2025-06-0526 minThe AppSec Management PodcastContingency planning with NIST 800-34This episode is a guide to contingency planning with NIST 800-34. Voices are by Notebook LM. Content is from the following article:https://codific.com/nist-800-34-contingency-planning-a-practical-guide-to-resilience/
2025-05-2921 minThe AppSec Management PodcastNIST 800-53: A practical guide.This episode is a practical guide to NIST 800-53. Voices are by Notebook LM. Content is based on the following articles:https://codific.com/how-to-implement-nist-800-53/https://codific.com/what-is-nist-800-53-a-comprehensive-guide/
2025-05-2325 minThe AppSec Management PodcastImplementing NIST SSDFThis episode is a complete introduction to NIST SSDF. Voices are by Notebook LM and content is based on this article:https://codific.com/what-is-nist-ssdf-and-how-should-you-implement-it/
2025-05-1515 minThe AppSec Management PodcastOWASP SAMM a comprehensive introduction.This is a comprehensive introduction to OWASP SAMM.The voices are by Notebook LM based on this article by Nicolas Montauban. https://codific.com/owasp-samm-comprehensive-introduction/ Corrections:The correct business functions are:- Governance- Design- Implementation- Verification- Operations
2025-05-0821 minThe AppSec Management PodcastThe EU Cyber Resilience Act or CRATogether with several OWASP experts we analysed the expected impact of the EU CRA regulation, industry readiness, gaps and expected fines. The voices are generated by Notebook ML based on this article:https://codific.com/cra-fines/
2025-05-0113 min
LYON DEMAIN Gérald BOUCHONLE 1/4H LYONNAIS | mardi 26 novembre 2024ECOUTEZ LE 1/4H LYONNAIS Toute l'actualité de ce mardi 26 novembre 2024Tempête : des rafales ont atteint 140 km/h à LyonArbres déracinés, accidents, voies coupées, avions déroutés, trams et TER à l’arrêt, de nombreux incidents mais pas de victime… Les pompiers du Rhône ont réalisé plus de 300 interventions.Retour à la normale dans la matinée pour les TERMobilisation des agriculteurs dans le Rhône : la Coordination Rurale 69 bloque une plateforme logistique Lidl, à Saint-Quentin-Fallavier.La Maison des Femmes de Lyon, installé...
2024-11-2610 min
LYON DEMAIN Gérald BOUCHONLE 1/4H LYONNAIS | mercredi 4 septembre 2024ECOUTEZ LE 1/4H LYONNAIS Toute l'actualité de ce mercredi 4 septembre 2024L’élection du nouveau président de la Région Auvergne Rhône-Alpes prévue demain pour désigner le successeur de Laurent Wauquiez devenu députéDes tags et des dégradations sur les vitrines d'un restaurant casher, dans le quartier Flachet à VilleurbanneLe dispositif de bornes à compost a déjà permis de collecter plus de 10 000 tonnes de biodéchets, selon la Métropole de Lyon. La collectivité prévoit d’installer 568 nouvelles bornes d’ici à la fin de l'annéeDeux journé...
2024-09-0415 min
Vitamine C autour de LyonStart Now, une semaine de dialogue par la culture près de RoanneCoup d'envoi la semaine prochaine de la semaine « Start Now » du Gen Verde du 17 au 21 avril organisée par les jeunes du mouvement des Focolari. Le Gen Verde est un groupe musical de femmes de 14 nationalités différentes qui se produit à l’international et organise des ateliers artistiques avec des jeunes pour leur faire expérimenter le dialogue, la paix et le vivre ensemble grâce l’art. Explications de Sylvie Mikolajczak.Pour assister au concert, c’est samedi 20 avril 2024, à 19h30 au Centre culturel et de la vie associative de Villeurbanne, au 234 cours Emile Zola, métro Flachet....
2024-04-1315 min
Super Nova LyonLe Taille-Crayon de Villeurbanne fête son premier anniversaireUn taille crayon, est un instrument permettant de rendre pointue l'extrémité d'un crayon en taillant la matière qui entoure la mine et en affûtant celle-ci.Ça c’est la définition classique d’un dico, mais ici, à Lyon Le Taille Crayon c’est un bar ,resto et une salle de concert entre les stations métro Gratte-ciel et Flachet qui va fêter son premier anniversaire ce weekend l’occasion de faire du "Glouglou, Miam miam & Cie".On parle de l’anniv de ce beau bébé qui pèse déjà bien son poids avec Trista
2022-09-1614 min
Vitamine C autour de LyonLe VERT dans la pomme : l’écologie en spectacle à VilleurbanneUne pièce de théâtre pour parler d’écologie dans l’Église : le dimanche 9 octobre, l’Association Culturelle Saint Jean jouera Au commencement... le VERT était dans la pomme ! à Villeurbanne. La pièce, qui met en scène Ish (Adam) et Isha (Ève) en maraîchers du 21e siècle, porte un regard chrétien décalé mais interpellant sur la nécessité écologique.Nos invités :
- Vincent Buron, auteur et interprète (avec sa femme Mireille) ainsi que metteur en scène (avec Michel Viénot) de la pièce
- Hélène Soual, responsable sur la...
2022-09-1016 min
Les petites histoires de Villeurbanne#6 - Flachet, de l'homme politique au quartierA Villeurbanne, tout le monde connaît Flachet. Station de métro, quartier, rue : les repères ne manquent pas pour désigner cet espace à cheval sur le cours Emile-Zola, à mi-chemin des Gratte-Ciel et de Cusset. Mais qui connaît Monsieur Flachet ? Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.
2021-10-2810 min
Les sons de l'Actu à Grenoble et en IsèreLa crise sanitaire a complexifié le recrutement des aides à domicileChristine Flachet, directrice de l’ADPA Nord Isère, association d'aide au maintien à domicile des personnes âgées, déplore que l’attractivité des métiers du domicile devienne précaire. Voir Acast.com/privacy pour les informations sur la vie privée et l'opt-out.
2021-05-3001 min
The OCD & Anxiety PodcastEpisode 44 - How to Manage Anxiety as an Entrepreneur with Dag FlachetIn todays episode I interview the legendary Dag Flatchet. We discuss entrepreneurial anxiety. Being an entrepreneur himself, Dag shares about some of lesser talked about difficulties that people face in business.
The conversation focuses in on soultions and we discuss topics such as compartemalisation, stoicism, mindset and acceptance. It´s a great conversation and I hope you enjoy. Dag´s bio can be found below.
Dag Flachet is an entrepreneur and an investor. He started his first company called Compudoc at the age of 21. Compudoc still exists and has performed more than 60,000 technical support interventions at...
2021-01-0541 min