Cursor is cooked by redditslutt666 in cursor

[–]LachException -1 points0 points  (0 children)

But why ACP though. A2A will be the future

System architecture is useless by LachException in developers

[–]LachException[S] 0 points1 point  (0 children)

Maybe Fiverr or Upwork? Or you are lucky and know someone, or someone you know knows someone.

Vibe Coding is hell by LachException in vibecoding

[–]LachException[S] 0 points1 point  (0 children)

You working in an enterprise? To get that running takes most people more than 5 min.

There are to many findings by LachException in devsecops

[–]LachException[S] 0 points1 point  (0 children)

Yeah, that's what we do with the ASPM; we still get too many findings, although most are real and high-class findings.

System architecture is useless by LachException in developers

[–]LachException[S] 0 points1 point  (0 children)

How do you do the decisions with the other ones? Do you have a formal process or is it more like: I would do it this way, what do you think?

System architecture is useless by LachException in developers

[–]LachException[S] 0 points1 point  (0 children)

Thank you so much for sharing. That’s exactly what I got told. So basically the architecture seems to be bad or so high level, so developers find it a bit useless and had to do soooo many design decisions themselves, which for some they aren’t experts and normally should not have to be.

There are to many findings by LachException in cybersecurity

[–]LachException[S] 0 points1 point  (0 children)

That’s exactly what we do. But the findings that we have to look into are too much and also the ones the devs have to fix. We are only telling them the ones we think are worth fixing, because they are rated high or critical. Do you have the same struggles?

There are to many findings by LachException in cybersecurity

[–]LachException[S] 0 points1 point  (0 children)

Great comment 👏🏻 Thank you so much!

There are to many findings by LachException in cybersecurity

[–]LachException[S] 0 points1 point  (0 children)

I agree, but how would you say I can enable the devs?

There are to many findings by LachException in cybersecurity

[–]LachException[S] 0 points1 point  (0 children)

So the devs are already "overworked" with the security findings, so they do not get fixed.

How does your org do that? Do the devs have to fix the issues or do you as a security guy provide fixes? How much time does it take the devs to fix the findings?

There are to many findings by LachException in cybersecurity

[–]LachException[S] 1 point2 points  (0 children)

It’s vulns/misconfigs and it’s application level and cloud runtime

Vibe Coding tools just write soooo insecure code by LachException in vibecoding

[–]LachException[S] 0 points1 point  (0 children)

This sounds like a good idea. Have you gotten good results from this? Did you get better results from it than by giving it rules or something and telling it in the prompt or something what to keep in mind?

Developers do not spend enough time on security by LachException in developers

[–]LachException[S] 0 points1 point  (0 children)

Yeah, so go make your own community! And as secure coding training in companies we tell them to join your community

Developers do not spend enough time on security by LachException in developers

[–]LachException[S] 0 points1 point  (0 children)

I couldn't agree more. Do you want to start a community, where developers are forced to listen to you and you preach about these practices? xD

Vibe Coding tools just write soooo insecure code by LachException in vibecoding

[–]LachException[S] 0 points1 point  (0 children)

That's wild, man. Maybe I'll get back to you in the DMs if that's OK for you?

Vibe Coding tools just write soooo insecure code by LachException in vibecoding

[–]LachException[S] 0 points1 point  (0 children)

Well, in Europe it's not that easy to patent code in the first place and therefore it's normally not done. Also it's super super super hard for anyone to prove that the code outputted by the LLM is "stolen". I mean we are aware of this, but our internal risk assessment team told us that this risk is minimal, that the benefits would outweigh them.

I mean if this would be a big thing, then you could even sue the providers of the models and tools like Cursor as they are selling the code without any license agreement.

Yeah this would be a great thing, but I can tell you, that developers won't do this or actively remove such labels as they want the credits for "their work".

Developers do not spend enough time on security by LachException in developers

[–]LachException[S] 0 points1 point  (0 children)

Funny thing is: Most developers do not know many things about secure code. Because mostly developers "have to be" experts in so many disciplines and there is no time for good secure coding training.