Pieter De Cremer is a Lead Security Researcher with a PhD in Software Security and eight years of experience building high-signal static analysis rules and developer-focused security tooling. Based in Belgium, he has grown at Semgrep from senior researcher to lead, shaping rule-writing practices, metrics-driven program analysis priorities, and internal tooling that improves rule quality and coverage. An active open-source contributor to Semgrep’s core and rules repositories, he’s improved detection for XXE and insecure Dockerfile patterns, reduced false positives, and enhanced autofix testing and YAML handling. Pieter combines rigorous academic research with pragmatic product innovation—he previously created hundreds of training exercises and patented ideas during a PhD-funded stint at Secure Code Warrior—making him as comfortable in public speaking and content creation as in low-level rule engineering.
8 years of coding experience
4 years of employment as a software developer
Master of Engineering (M.Eng.), EMCOSC - Master of Science in Computer Science Engineering, Master of Engineering (M.Eng.), EMCOSC - Master of Science in Computer Science Engineering at Universiteit Gent
Doctor of Science, Computer Science Engineering, Doctor of Science, Computer Science Engineering at Ghent University
Latijn-Wiskunde, Latijn-Wiskunde, Latijn-Wiskunde, Latijn-Wiskunde at SMC Lede
Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
Role in this project:
Security Engineer
Contributions:223 reviews, 160 commits, 267 PRs in 11 months
Contributions summary:Pieter contributed significantly to the security rules within the semgrep-rules repository. They added new rules to prevent XXE vulnerabilities and expanded existing rules, particularly for Dockerfiles, covering areas such as image versioning and avoiding insecure practices. Further contributions involved fixing false positives, updating test cases and addressing comments in pull requests to refine existing security checks. Their focus was on improving the accuracy and coverage of security scans within the project.
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Role in this project:
QA Engineer / Test Automation Engineer
Contributions:1 review, 10 commits, 9 PRs in 5 months
Contributions summary:Pieter focused on enhancing the testing infrastructure and functionality within the Semgrep repository. Their contributions involved adding new test cases for autofix behavior, modifying existing tests to incorporate autofix testing, and ensuring test coverage across different scenarios. They implemented changes to the testing framework, including the switch to ruamel.yaml for yaml parsing, and adjusted the test results output format. Additionally, the user worked on improving the test exit codes for accurate assessment of test results.
looklinterpythonr2cjavascript
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Pieter De Cremer - Lead Security Researcher at Semgrep