The Medicare Data Breach Six Months On: What Was Taken and What Was Done About It
The scope of the breach became clear only weeks after the initial disclosure. We tracked what happened, who was affected and which remediation commitments were kept.
Breach analysis, vulnerability reporting, independent tool testing and enterprise security coverage. We test the claims, verify the code and report what the security industry often won't say about its own products.
We ran controlled network capture tests on twelve major consumer VPN products. Four failed their own no-log promises. Here is what to use instead.
The Common Vulnerabilities and Exposures database is under-resourced, politically contested and years behind on critical disclosures. The infrastructure that runs on these numbers is not aware.
Zero trust is the enterprise security phrase of the decade. The implementations we reviewed ranged from genuinely robust to nothing more than a rebrand of the same perimeter model.
A critical authentication bypass in a widely deployed version of OpenSSH was quietly patched after an independent researcher filed a report that vendors initially dismissed.
Marketing copy for password managers is nearly identical across products. The security architecture underneath is not. We tested the cryptographic implementations.
The MDR market has grown rapidly on the back of a cybersecurity skills shortage. We investigated three incidents where MDR providers failed to detect intrusions they were contracted to catch.
Cyber insurance policies that cover ransom payments have created a moral hazard the industry does not want to discuss. We looked at the claims data and the incentive structures.