Static Analysis Security Testing (SAST) tools are essential for modern secure software development, yet the maintenance and creation of high-quality detection rules remain challenging and resource-intensive. This paper presents Autogrep, an automated system for generating and filtering security rules for static analysis tools. Motivated by recent licensing changes in the Semgrep ecosystem, Autogrep addresses the critical need for maintaining and expanding permissively licensed security rules. By leveraging Large Language Models (LLMs) and a multi-stage filtering pipeline, Autogrep transforms vulnerability patches into precise, generalizable security rules while eliminating duplicates and overly specific patterns.

In an era where our digital footprints are as expansive as the internet itself, the concept of digital immortality is not just science fiction but a burgeoning reality. The introduction of meraGPT, the world’s first digital afterlife as a service platform, represents not only a leap towards this future but also a reflection on humanity’s long-standing desire to leave a mark beyond their physical existence.

In the rapidly evolving world of software development, security remains a paramount concern. With the increasing complexity of applications and the ever-present threat of cyber attacks, developers and security teams are in a constant race to identify and fix vulnerabilities. This is where AutoFix, a groundbreaking tool, enters the picture.

Recently, I have been thinking a lot about product commoditization and how it affects the software composition analysis (SCA) tools market. If you have been living under a rock and have never heard of SCA you can read a general overview of the problem and solution space here.

We saw several new programming languages like Kotlin, Rust, and Go lang come into promienence this year. In this article, we take a look at what 2018 has in store when it comes to programming languages.

This year we saw a number cyber attacks like WannaCry and Petya aimed at causing disruptions and damage to organizations and nations. In this article, we take a look at what is in store for us in 2018.

Self-propagating threats such as WannaCry and Petya were only the tips of the iceberg. The success hackers enjoyed with WannaCry and Petya makes it quite likely others will try to replicate the tactics used by deploying ransomware as a worm. The propagation mechanisms employed by both ransomware families enabled the threats to spread quickly across an entire computer network. In this article, we will see how do they work and what are organizations doing to prepare themselves for the likelihood of the more pronounced threat.

Application Performance Mangement or APM refers to the practice of monitoring the performance of your code, application, runtimes, and overall user experience. In this article, we will talk about how DevOps impacts APM and how you can adjust to the new software supply chain.

There are several free tools that a security engineer may use as part of their arsenal but the following three are quite essential.

Recently, a survey done on open source risk found that enterprises are not proactive in managing and securing the use open source. Almost 40% of respondants said that no one in their company was responsible for open source compliance. Use of insecure components and vulnerable open source libraries is on a rise in enterprise applications.

On 25th May 2018 the EU General Data Protection Regulation (GDPR) will become enforceable. It will change how businesses and public sector organizations can handle information of customers and users. GDPR is Europe’s new framework for data protection laws and replaces existing data protection directive. The full text of the regulation can be found here. In this article, we will cover five basic steps an organization can take in order to ensure GDPR compliance.

Botwall4J is an open-source library that can help protect Java web applications from bots, content scrapers and automated account hijacking attempts. In this article, we will see how simple it is to integrate botwall4j with a Spring Boot application and get protection from bots without any code changes.

GramTest is a Java-based tool that allows you to generate random test cases based on BNF grammars. It is an open-source project and can be downloaded from GitHub. In this article, we will see how you can use GramTest to generate continuous tests that can in-turn be used to fuzz Java libraries and applications.

I have always been interested in the interplay between programming languages and software security. In particular, isn’t it nice that there are class of vulnerabilities that can be eliminated by designing a different programming language? For example, consider buffer overflow, it is one of the most common defects in C but is almost absent in a language like Java. This site will be an avenue for sharing some thoughts around software security and computer programming.