Update about page
- Standardize bullets to be similiar by enforcing punctuation endings
This commit is contained in:
parent
a567afa6a1
commit
6abfa30864
GPG Key ID:
D9DF703B83B9A9B5
42
about.md
42
about.md
|
|
@ -30,34 +30,34 @@ We tend to start with a consultation where try to help you understand your true
|
||||||
|
|
||||||
- We will never ask you to give us access to production systems or have any power over your org.
|
- We will never ask you to give us access to production systems or have any power over your org.
|
||||||
- Anyone with access to significant value is at personal risk. We teach distrust to protect people.
|
- Anyone with access to significant value is at personal risk. We teach distrust to protect people.
|
||||||
- We will always provide a way for you to build and verify any binaries we provide yourself
|
- We will always provide a way for you to build and verify any binaries we provide yourself.
|
||||||
- We are happy to provide you any background research we legally can so you can make your own conclusions
|
- We are happy to provide you any background research we legally can so you can make your own conclusions.
|
||||||
|
|
||||||
### Transparency
|
### Transparency
|
||||||
|
|
||||||
- We regularly open source our research and common advice to get input and corrections from others in our industry
|
- We regularly open source our research and common advice to get input and corrections from others in our industry.
|
||||||
- Prices are always public. We will sometimes adjust based on demand, but everyone is offered the same rates
|
- Prices are always public. We will sometimes adjust based on demand, but everyone is offered the same rates.
|
||||||
- With the exception of fully Open Source projects, which we offer a universal 15% discount on.
|
- With the exception of fully Open Source projects, which we offer a universal 15% discount on.
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
- Our internal threat model assumes well funded entities are interested in our clients and our work
|
- Our internal threat model assumes well funded entities are interested in our clients and our work.
|
||||||
- All client work is performed in dedicated local virtual machines under an offline host OS
|
- All client work is performed in dedicated local virtual machines under an offline host OS.
|
||||||
- All authentication, and password management is done via dedicated pin+touch controlled personal HSMs.
|
- All authentication, and password management is done via dedicated pin+touch controlled personal HSMs.
|
||||||
- We exclusively use End-To-End cross-verified encrypted chat internally.
|
- We exclusively use End-To-End cross-verified encrypted chat internally.
|
||||||
|
|
||||||
### Privacy
|
### Privacy
|
||||||
|
|
||||||
- Your data and IP are always stored with AES256 encryption unlockable only with our personal HSMs.
|
- Your data and IP are always stored with AES256 encryption unlockable only with our personal HSMs.
|
||||||
- Your data and IP are never exposed in plain text except on your systems or systems we physically control
|
- Your data and IP are never exposed in plain text except on your systems or systems we physically control.
|
||||||
- Everyone on our team has hardware-backed PGP keys to encrypt documents and emails if you prefer
|
- Everyone on our team has hardware-backed PGP keys to encrypt documents and emails if you prefer.
|
||||||
|
|
||||||
### Freedom
|
### Freedom
|
||||||
|
|
||||||
- We feel every customer has a path to not need us anymore, and we will encourage it.
|
- We feel every customer has a path to not need us anymore, and we will encourage it.
|
||||||
- We exclusively use Open Source internally and help make improvements when needed
|
- We exclusively use Open Source internally and help make improvements when needed.
|
||||||
- All general purpose security tools and research we create is Open Source by default.
|
- All general purpose security tools and research we create is Open Source by default.
|
||||||
- We ensure you have a free path to replicate any of our findings yourself
|
- We ensure you have a free path to replicate any of our findings yourself.
|
||||||
- We will always favor solutions that minimize lock-in with third parties.
|
- We will always favor solutions that minimize lock-in with third parties.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
@ -65,16 +65,16 @@ We tend to start with a consultation where try to help you understand your true
|
||||||
## Services
|
## Services
|
||||||
|
|
||||||
- Reproducible builds
|
- Reproducible builds
|
||||||
- Build all software multiple times in systems controlled by different teams
|
- Build all software multiple times in systems controlled by different teams.
|
||||||
- Ensure hashes match, proving code and binaries were not tampered with
|
- Ensure hashes match, proving code and binaries were not tampered with.
|
||||||
- We optionally can host and maintain secondary build infrastructure.
|
- We optionally can host and maintain secondary build infrastructure.
|
||||||
- Cryptographic key escrow
|
- Cryptographic key escrow.
|
||||||
- Quorum managed immutable infrastructure
|
- Quorum managed immutable infrastructure.
|
||||||
- Software Supply Chain Integrity
|
- Software Supply Chain Integrity.
|
||||||
- Production Engineering Security
|
- Production Engineering Security.
|
||||||
- Security Hiring
|
- Security Hiring.
|
||||||
- Retained security support
|
- Retained security support.
|
||||||
- Hardware Security Modules
|
- Hardware Security Modules.
|
||||||
- Physical Security
|
- Physical Security.
|
||||||
- Business Continuity Planning
|
- Business Continuity Planning.
|
||||||
- Planning for Black Swan events.
|
- Planning for Black Swan events.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue