Opinionated insights on application security, alert fatigue, and why most tools fail to deliver real value.
Read the insightsTurning security tool outputs into actionable insights is one of the biggest challenges for developers and security engineers. In this post, I’m sharing a minimal viable product (MVP) that takes Semgrep scan outputs and visualize
January 2026In the previous post, we saw how many security tools can “lie”: they don’t tell the full story, generate noise, and often leave teams with a false sense of security. But what happens after a vulnerability is reported? The story doesn’t get any better: most findings are misunderstood.
January 2026We live in a world where developers and security teams are drowning in alerts. Every scanner, every automated tool, every “security dashboard” promises to tell you what matters—but in reality, most of it is noise.
January 2026