Shivasurya

April 17th, 2025

Static Analysis Isn't Enough: Understanding Library Interactions for Effective Data Flow Tracking

Static analysis tools go blind without understanding library calls – learn why modeling them is critical for finding real security flaws.
April 10th, 2025

Lessons from Building Sherlock: Automating Security Code Reviews with Sourcegraph

Explore how Sherlock leverages Sourcegraph to automate security code reviews, enhancing productivity and ensuring robust code security.
March 19th, 2025

LLM-Powered Security Reviews: Insights and Challenges

Exploring the potential and challenges of LLM-assisted security reviews
January 28th, 2025

How I Use AI to Streamline/Assist My Work

A short blog post on how I leverage LLMs (AI) to streamline or assist my work
December 26th, 2024

2024 Wrapped

Blog post about 2024 Wrap & Reflection
December 19th, 2024

Books I read in 2024

Books I read in 2024
September 10th, 2024

CodeQL: Eindhoven Quantifier Notation

This blog post will discuss about Eindhoven Quantifier Notation adopted by CodeQL
June 27th, 2024

Sherlock: Automate security code reviews with Cody AI

This blog post will discuss about semi-autonomous way to perform security code reviews
March 8th, 2024

Defining Boundaries & Sinks for Inter-procedural Source Sink Analysis - Part 3

Defining Boundaries & Sinks for Inter-procedural Source Sink Analysis - Part 3
January 24th, 2024

Deep dive on Android Java / Kotlin Deserialization Code Execution with Semgrep Detection

Code Execution via Java & Kotlin Deserialization in Android Application