Measuring and Exploiting Confirmation Bias in LLM-Assisted Security Code Review

Security code reviews increasingly rely on systems integrating Large Language Models LLMs, ranging from interactive assistants to autonomous agents in CI/CD pipelines. We study whether confirmation bias i.e., the tendency to favor interpretations that align with prior expectations affects LLM-bas...

CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)

This advisory covers a number of issues identified in Velociraptor and disclosed by a security code review performed by Tim Goddard from CyberCX. We also thank Rhys Jenkins for working with the Velociraptor team to identify and rectify these issues. All of these identified issues have been fixed ...

Agnitio - Manual Security Code Review Tool

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. The major changes in v2.1 are listed below:...