If you maintain Go services, you've probably been here: a scanner flags a CVE, you spend 30 minutes tracing imports and call paths, and it turns out your code never touches the vulnerable function. I built GVS to automate that. Give it a repo URL and a CVE ID, and it does call graph analysis to determine whether the vulnerable symbols are actually reachable from your code. What it does: Builds cal
A defaced website is a curious problem. It's loud — anyone visiting the page can see something is wrong. But it's also quiet from a server's perspective: HTTP returns 200, your uptime monitor is happy, your TLS cert hasn't moved, and the CMS logs show a "successful" content update from a legitimate-looking session. The signal is on the rendered page, not in the metrics. I run a site at hi3ris.blue
A follow-up: how the architecture works
In my previous article, I explained why I built NGB Platform and what problem it is trying to solve:
I Built an Open-Source Platform Foundation for Accounting-Centric Business Apps
That article was mostly about the why. Why generic web frameworks are not enough for serious business applications. Why large ERP products solve many of the right problems, but
You just ran a dependency scan and the report shows 133 vulnerabilities. 34 are Critical. 68 are High. The dashboard is red, the backlog is exploding, and every item looks urgent. The engineering team asks the obvious question: where do we start? This is where vulnerability remediation prioritization matters. Without a clear framework, teams either panic and chase the loudest CVE, or they ignore t
We've been there. JSON Schema gets hard to write as soon as your payload is non-trivial. Conditional logic, cross-field rules, business invariants, and at some point we stop writing contracts at all. We go code-first, generate the schema from annotations, and end up with 200 lines very few understand, and error messages referencing paths like #/properties/items/allOf/0/then/Then that map to nothin
What's new
Based on early user feedback, Permi can now save your vulnerability scan results in three distinct formats to fit your workflow:
--export results.txt – Human-readable plain text for quick reviews.
--export results.json – Structured data designed for scripts and CI/CD automation.
--export results.md – Clean Markdown, perfect for GitHub documentation or internal wikis.
To try out the ne
Introduction
I wouldn't call myself a historian, as I switched careers a long time ago, and my skills and knowledge have faded away. However, when I look at the current AI revolution changing for better or worse the software industry, I am wondering how historical studies will be impacted. When working with LLMs, one of the crucial parts is to provide them with the relevant context. Frontier mo
The Problem
AI agents are moving from answering questions to taking actions — calling APIs, querying databases, executing code, managing memory. The security surface has shifted from "what the model says" to "what the agent does." Most guardrail solutions address the first problem. They filter content. They detect prompt injection. They moderate output. These are necessary but insufficient. The