@nahsra
I help you harden your code and fix your security bugs
Dec 16, 2025 · 5 min read · We all know Software Composition Analysis (SCA) is currently broken, and the root cause of most of the symptoms is the high false positive rate and absurd severity rankings. Enterprises are faced with these two realities: You can’t just bump everyth...
Dec 8, 2025 · 4 min read · The React2Shell bug is giving me major déjà vu, and I think there are important lessons here in Abstract vs. Concrete Risk (maybe in B2B sales too—I haven’t fully thought that part through yet). In the 2010s, the Apache Struts team made (what appears...
Oct 31, 2025 · 4 min read · To do vulnerability triage, we use a number of tools: composable agents, workflows, zero-shot LLM calls, deep research, knowledge bases, code analysis tools — you get it. But, does any of it matter? We need to know if a simple “AI wrapper” from some ...
Oct 1, 2025 · 4 min read · The Counterintuitive Choice Breaking Today’s Security Programs Every CISO faces a moment of truth during application security tool evaluation and selection — a decision that will determine the success of vulnerability management at scale. Two vendors...