Connect with us for updates on research, advisories, and firm announcements.
Response Time
Within 24 hours
All inquiries receive a response within one business day. Urgent security matters are prioritized.
Responsible Disclosure
If you have discovered a vulnerability in our systems or wish to report a finding through coordinated disclosure, please use the email above with the subject line DISCLOSURE:
FAQ
Common Questions
How quickly can an engagement start?
Typically within two to three weeks of signing. The first engagement in a continuous program includes the environment discovery phase, which subsequent engagements build upon.
What does the 90-day exit clause mean?
Any continuous program can be terminated with 90 days written notice. There are no penalties, minimum billing requirements beyond the 90-day window, or contractual lock-in beyond that period.
Do you require source code access for web app testing?
No. All assessments are conducted from the same external perspective an attacker would have. Source code access is optional and can improve coverage for SAST engagements specifically.
Can we use the report for compliance purposes?
Yes. Reports are structured to satisfy common compliance requirements including SOC 2 Type II, ISO 27001, and client security questionnaires. The Living Executive Summary is specifically designed as a procurement-ready document.
What industries do you work with?
Primarily B2B SaaS companies with 20 to 500 employees who need continuous offensive security without an internal red team. We also work with fintech, healthtech, and any cloud-native organization facing significant security scrutiny from enterprise buyers.