@nahsra
I help you harden your code and fix your security bugs
Nothing here yet.
Nothing here yet.
Dec 16, 2025 · 5 min read · We all know Software Composition Analysis (SCA) is currently broken, and the root cause of most of the symptoms is the high false positive rate and absurd severity rankings. Enterprises are faced with these two realities: You can’t just bump everyth...
Join discussionDec 8, 2025 · 4 min read · The React2Shell bug is giving me major déjà vu, and I think there are important lessons here in Abstract vs. Concrete Risk (maybe in B2B sales too—I haven’t fully thought that part through yet). In the 2010s, the Apache Struts team made (what appears...
Join discussion
Oct 31, 2025 · 4 min read · To do vulnerability triage, we use a number of tools: composable agents, workflows, zero-shot LLM calls, deep research, knowledge bases, code analysis tools — you get it. But, does any of it matter? We need to know if a simple “AI wrapper” from some ...
Join discussion
Oct 1, 2025 · 4 min read · The Counterintuitive Choice Breaking Today’s Security Programs Every CISO faces a moment of truth during application security tool evaluation and selection — a decision that will determine the success to vulnerability management at scale. Two vendors...
Join discussion
Sep 19, 2023 · 3 min read · Turns out, a lot of people want to try to safely run untrusted code, and that's hard. Pixee Engineer Matt Austin (@mattaustin) recently found a bypass of the new and experimental Node.js sandbox in versions before 20.3.1, and it just received a $3K a...
CChathrapathi commented
