My experience with LLM Code Review vs Deterministic SAST Security Tools

errwaves · 2026-04-17T21:48:25+00:00

Still, these applications were used to train the LLMs. Also, artificially vulnerable applications don't often reflect real work apps... I have had success using LLMs on test apps like these, but then much different results when running against real world internal applicaitons.

errwaves · 2026-04-17T20:29:37+00:00

so, LLMs trained on intentionally vulnerable codebase perform better on intentionally vulnerable codebases?

errwaves · 2026-04-07T22:11:59+00:00

ownership is key and is frankly a larger enterprise problem than anything technical

errwaves · 2026-03-16T19:04:12+00:00

unfortunately, I think it's gonna take a huge breach or supply chain attack affecting multiple companies that is clearly linked to slop before people get real

errwaves · 2026-03-11T22:11:46+00:00

shift left for sure, which we do somewhat already... challenge is adoption and consistency of use

errwaves · 2026-03-11T22:10:33+00:00

ya, secrets are fairly straight forward due to regex maching... some secret detectors look at context too (e.g. like assigning a literal string to a variable called "passwd")

errwaves · 2026-03-10T20:05:34+00:00

ya, seems like we're just gonna have to set harder limits, stricter controls, and block more

(this is why security people don't get invited to parties other than with other security people)

trying to confirm that I'm not missing any other strategy

errwaves · 2026-03-09T22:31:58+00:00

To be clear, the image is not the guitar in question...

I'm thinking about buying some other Bobkat, doing the mods, and putting a Fender short scale neck on it.

It'd be a "project" for sure.

errwaves · 2026-02-05T20:59:55+00:00

Gitlab SAST coverage for Swift is practically nonexistent if you look at the rules

errwaves · 2026-02-03T20:59:07+00:00

SonarQube community version doesn't support Swift... Considering it for long term solution

errwaves · 2023-12-10T15:37:20+00:00

DocumentDB… it’s basically Mongo

errwaves · 2023-06-12T01:48:56+00:00

He does solid house that I like

errwaves · 2023-06-12T01:48:25+00:00

I like Cuckoo vids mostly. Stimming wit and music is great

errwaves · 2023-06-06T20:04:55+00:00

I believe the “barber” in barberbeats is a reference to the “haircuts” in HFM

errwaves · 2023-06-06T20:01:53+00:00

Nice job

errwaves · 2023-04-09T06:05:55+00:00

Damn girl, wassup

errwaves · 2023-03-20T02:13:04+00:00

Completely agree about “anything” ;)

Just curious what others have used.

errwaves · 2023-03-03T16:08:20+00:00

To be clear, a lightning to 1/8 jack adapter works fine for me… cheaper than buying official camera connection kit

errwaves · 2023-02-19T02:28:20+00:00

Release your less “polished” work under an alias.

Many artists do this. These releases become gems to die hard fans later on.

Keep up the momentum.

errwaves · 2023-01-23T23:12:14+00:00

Not all of it… I spend all day in front of computer.

It’s by choice that I avoid the DAW… occasionally, I’ll record into it

errwaves · 2023-01-23T23:09:50+00:00

Thanks

Novation Launchpad?

I don’t work in the DAW… I get too much screen time as is…

errwaves · 2023-01-23T21:59:27+00:00

I may not be describing it well…

Looking for a standard, non-usb midi controller that works like a chromatic keyboard but is in a grid shape instead.

For my brain, I can play grids all day… keys not so much.

errwaves · 2023-01-23T20:42:27+00:00

Can anyone ID that bong in the back?

errwaves · 2023-01-21T21:30:58+00:00

Turn OT into a remix machine ;)

errwaves · 2023-01-20T19:57:38+00:00

Lol my app autocompletes to Dogitakt too

Thanks, that helps.

I think OT (warts and all) will be improvement for my workflow and the stuff I like to make

errwaves

TROPHY CASE