Opinionated insights on application security, alert fatigue, and why most tools fail to deliver real value.
Read the insightsSignal Engine 0.3.0 transforms raw security findings into structured, actionable insight. With clustering, deduplication, and risk-based hotspots, noise gives way to clarity. Less data to sift through, more signal to act on.
March 2026Soak is a zero-dependency Docker image that aggregates a curated set of open-source security scanners into a single, reproducible execution environment.
February 2026Turning security tool outputs into actionable insights is one of the biggest challenges for developers and security engineers. In this post, I’m sharing a minimal viable product (MVP) that takes Semgrep scan outputs and visualize
January 2026In the previous post, we saw how many security tools can “lie”: they don’t tell the full story, generate noise, and often leave teams with a false sense of security. But what happens after a vulnerability is reported? The story doesn’t get any better: most findings are misunderstood.
January 2026We live in a world where developers and security teams are drowning in alerts. Every scanner, every automated tool, every “security dashboard” promises to tell you what matters—but in reality, most of it is noise.
January 2026