🎙️ Coffee, Chaos & ProdSec - Ep 12

The OWASP Top 10:2025 RC1 is here, and it is already causing chaos. So this week, Kurt and Cameron grab their mugs and break down every category with real world stories, honest takes, and a few spicy opinions on why some vulnerabilities just will not go away.

From Broken Access Control dominating the charts again, to Misconfigurations that keep haunting cloud teams, to classic Injection failures refusing to stay in the past, this episode digs into the patterns behind the list and what they reveal about the state of modern security.

Your hosts explore how design flaws emerge long before code is written, why authentication failures keep showing up in new forms, and how logging gaps continue to blind even mature orgs. It is a guided tour through the list with humor, insight, and the occasional “I cannot believe this still happens” moment.

If you work in AppSec, Product Security, DevSecOps, or you simply enjoy hearing two security leaders question reality over a cup of coffee, this episode is your new weekly ritual.

☕ Tune in, patch your brain, and embrace the beautiful mess of the OWASP Top 10:2025 RC1.