diff --git a/about.md b/about.md index db52405..7fecf1d 100644 --- a/about.md +++ b/about.md 
@@ -30,34 +30,34 @@ We tend to start with a consultation where try to help you understand your true - We will never ask you to give us access to production systems or have any power over your org. - Anyone with access to significant value is at personal risk. We teach distrust to protect people. -- We will always provide a way for you to build and verify any binaries we provide yourself -- We are happy to provide you any background research we legally can so you can make your own conclusions +- We will always provide a way for you to build and verify any binaries we provide yourself. +- We are happy to provide you any background research we legally can so you can make your own conclusions. ### Transparency -- We regularly open source our research and common advice to get input and corrections from others in our industry -- Prices are always public. We will sometimes adjust based on demand, but everyone is offered the same rates +- We regularly open source our research and common advice to get input and corrections from others in our industry. +- Prices are always public. We will sometimes adjust based on demand, but everyone is offered the same rates. - With the exception of fully Open Source projects, which we offer a universal 15% discount on. ### Security -- Our internal threat model assumes well funded entities are interested in our clients and our work -- All client work is performed in dedicated local virtual machines under an offline host OS +- Our internal threat model assumes well funded entities are interested in our clients and our work. +- All client work is performed in dedicated local virtual machines under an offline host OS. - All authentication, and password management is done via dedicated pin+touch controlled personal HSMs. - We exclusively use End-To-End cross-verified encrypted chat internally. ### Privacy - Your data and IP are always stored with AES256 encryption unlockable only with our personal HSMs. 
-- Your data and IP are never exposed in plain text except on your systems or systems we physically control -- Everyone on our team has hardware-backed PGP keys to encrypt documents and emails if you prefer +- Your data and IP are never exposed in plain text except on your systems or systems we physically control. +- Everyone on our team has hardware-backed PGP keys to encrypt documents and emails if you prefer. ### Freedom - We feel every customer has a path to not need us anymore, and we will encourage it. -- We exclusively use Open Source internally and help make improvements when needed +- We exclusively use Open Source internally and help make improvements when needed. - All general purpose security tools and research we create is Open Source by default. -- We ensure you have a free path to replicate any of our findings yourself +- We ensure you have a free path to replicate any of our findings yourself. - We will always favor solutions that minimize lock-in with third parties. --- 
@@ -65,16 +65,16 @@ We tend to start with a consultation where try to help you understand your true ## Services - Reproducible builds - - Build all software multiple times in systems controlled by different teams - - Ensure hashes match, proving code and binaries were not tampered with + - Build all software multiple times in systems controlled by different teams. + - Ensure hashes match, proving code and binaries were not tampered with. - We optionally can host and maintain secondary build infrastructure. -- Cryptographic key escrow -- Quorum managed immutable infrastructure -- Software Supply Chain Integrity -- Production Engineering Security -- Security Hiring -- Retained security support -- Hardware Security Modules -- Physical Security -- Business Continuity Planning +- Cryptographic key escrow. +- Quorum managed immutable infrastructure. +- Software Supply Chain Integrity. +- Production Engineering Security. +- Security Hiring. +- Retained security support. +- Hardware Security Modules. +- Physical Security. +- Business Continuity Planning. - Planning for Black Swan events.
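Review bot: in the first hunk (@@ -30,34 +30,34 @@), the context line in the hunk header itself, `We tend to start with a consultation where try to help you understand your true`, is missing its subject and should read `where we try to help`; since this patch is a punctuation and wording pass over about.md, that typo should be fixed in the same change instead of surviving it. Two unchanged lines in the same region would benefit from the same pass: `All authentication, and password management is done via dedicated pin+touch controlled personal HSMs.` has a stray comma after `authentication`, and `All general purpose security tools and research we create is Open Source by default.` needs `are` to agree with its plural subject.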
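Review bot: in the second hunk (@@ -65,16 +65,16 @@), the line `Ensure hashes match, proving code and binaries were not tampered with.` overstates what the described procedure shows: matching hashes from builds on systems controlled by different teams prove the binaries were produced from the given source without build-time tampering, not that the source itself is untampered. While the line is being touched, suggest `Ensure hashes match, proving the binaries were built from the published source without tampering.` The neighbouring context line `We optionally can host and maintain secondary build infrastructure.` also reads more naturally as `We can optionally host and maintain secondary build infrastructure.`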