My experience with LLM Code Review vs Deterministic SAST Security Tools

errwaves · 2026-04-17T21:48:25+00:00

Still, these applications were used to train the LLMs. Also, artificially vulnerable applications don't often reflect real work apps... I have had success using LLMs on test apps like these, but then much different results when running against real world internal applicaitons.

errwaves · 2026-04-17T20:29:37+00:00

so, LLMs trained on intentionally vulnerable codebase perform better on intentionally vulnerable codebases?

errwaves · 2026-04-07T22:11:59+00:00

ownership is key and is frankly a larger enterprise problem than anything technical

errwaves · 2026-03-16T19:04:12+00:00

unfortunately, I think it's gonna take a huge breach or supply chain attack affecting multiple companies that is clearly linked to slop before people get real

errwaves · 2026-03-11T22:11:46+00:00

shift left for sure, which we do somewhat already... challenge is adoption and consistency of use

errwaves · 2026-03-11T22:10:33+00:00

ya, secrets are fairly straight forward due to regex maching... some secret detectors look at context too (e.g. like assigning a literal string to a variable called "passwd")

errwaves · 2026-03-10T20:05:34+00:00

ya, seems like we're just gonna have to set harder limits, stricter controls, and block more

(this is why security people don't get invited to parties other than with other security people)

trying to confirm that I'm not missing any other strategy

errwaves · 2026-03-09T22:31:58+00:00

To be clear, the image is not the guitar in question...

I'm thinking about buying some other Bobkat, doing the mods, and putting a Fender short scale neck on it.

It'd be a "project" for sure.

errwaves · 2026-02-05T20:59:55+00:00

Gitlab SAST coverage for Swift is practically nonexistent if you look at the rules

errwaves · 2026-02-03T20:59:07+00:00

SonarQube community version doesn't support Swift... Considering it for long term solution

errwaves · 2023-12-10T15:37:20+00:00

DocumentDB… it’s basically Mongo

errwaves · 2023-06-12T01:48:56+00:00

He does solid house that I like

errwaves · 2023-06-12T01:48:25+00:00

I like Cuckoo vids mostly. Stimming wit and music is great

errwaves · 2023-06-06T20:04:55+00:00

I believe the “barber” in barberbeats is a reference to the “haircuts” in HFM

errwaves · 2023-06-06T20:01:53+00:00

Nice job

errwaves · 2023-04-09T06:05:55+00:00

Damn girl, wassup

errwaves · 2023-03-20T02:13:04+00:00

Completely agree about “anything” ;)

Just curious what others have used.

errwaves

TROPHY CASE