Software Security for Developers • Laur Spilca & Thomas Vitale

Apr 14, 2026

Laurentiu Spilca, Java Champion and author focused on Java, Spring, and security. They discuss why developers avoid security. They cover essential cryptography concepts, pitfalls of reinventing standards, risks from AI-generated code, and the importance of understanding certificates and PKI.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

ADVICE

Learn Practical Security Fundamentals

Do learn security fundamentals without deep math to make informed choices about encryption, hashing, and signing in your apps.
Laurentiu recommends focusing on developer-relevant explanations so you can choose algorithms like RSA or ECC appropriately.

ADVICE

Make Security Part Of Developer Craft

Do make security part of everyday development, not an afterthought, and treat non-functional requirements professionally.
Laurentiu recommends approachable learning resources that remove fear and start from foundations to build competence.

INSIGHT

Distinguish Data Formats From Protocols

Insight that developers often confuse formats and protocols, e.g., JWT is a data format not an auth protocol.
Laurentiu stresses understand formats (JWT, JWS, JWE) before using protocols like OAuth 2 or SAML.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

This interview was recorded for the GOTO Book Club.
http://gotopia.tech/bookclub

Check out more here:
https://gotopia.tech/episodes/428

Laurenţiu Spilcă - Java Champion, Java Community Lead at Endava & Author of "Software Security for Developers" & more books
Thomas Vitale - Senior Software Architect at Systematic & Author of "Cloud Native Spring in Action"

RESOURCES
Laur
https://bsky.app/profile/laurspilca.bsky.social
https://x.com/laurspilca
https://www.linkedin.com/in/laurenţiu-spilcă-01a931107
https://laurspilca.com

Thomas
https://bsky.app/profile/thomasvitale.com
https://mastodon.online/@thomasvitale
https://twitter.com/vitalethomas
https://linkedin.com/in/vitalethomas
https://github.com/ThomasVitale
https://www.thomasvitale.com

Links
https://www.manning.com/books/software-security-for-developers
https://adibsaikali.wordpress.com

DESCRIPTION
Thomas Vitale sits down with Java Champion and author Laurentiu Spilca to discuss his co-authored book "Software Security for Developers". The conversation explores why security is so often avoided by developers, the widespread confusion between foundational concepts like encoding, hashing, and encryption, the dangers of reinventing established security standards, the growing risks of AI-generated code written without security awareness, and why understanding topics like PKI and certificates is more important than ever in modern software development.

RECOMMENDED BOOKS
Adib Saikali & Laurentiu Spilca • Software Security for Developers • https://amzn.to/4aPhqu0
Laurentiu Spilca • Spring, Start Here • https://amzn.to/3L6Sv6c
Laurentiu Spilca • Spring Security in Action • https://amzn.to/3LqEkZW
Laurentiu Spilca • Troubleshooting Java • https://amzn.to/4u5vkj0
Thomas Vitale • Cloud Native Spring in Action • https://amzn.to/3kLu1ns

Bluesky
Instagram
LinkedIn
Facebook

CHANNEL MEMBERSHIP BONUS
Join this channel to get early access to videos & other perks:
https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/join

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket: gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!