Update about page

- Standardize bullets to be similar by enforcing punctuation endings
Shane Engelman 2023-01-22 20:36:43 -06:00
parent a567afa6a1
commit 6abfa30864
Signed by: shane
GPG Key ID: D9DF703B83B9A9B5
1 changed files with 21 additions and 21 deletions

@ -30,34 +30,34 @@ We tend to start with a consultation where try to help you understand your true
- We will never ask you to give us access to production systems or have any power over your org.
- Anyone with access to significant value is at personal risk. We teach distrust to protect people.
- We will always provide a way for you to build and verify any binaries we provide yourself
- We are happy to provide you any background research we legally can so you can make your own conclusions
- We will always provide a way for you to build and verify any binaries we provide yourself.
- We are happy to provide you any background research we legally can so you can make your own conclusions.
### Transparency
- We regularly open source our research and common advice to get input and corrections from others in our industry
- Prices are always public. We will sometimes adjust based on demand, but everyone is offered the same rates
- We regularly open source our research and common advice to get input and corrections from others in our industry.
- Prices are always public. We will sometimes adjust based on demand, but everyone is offered the same rates.
- With the exception of fully Open Source projects, which we offer a universal 15% discount on.
### Security
- Our internal threat model assumes well funded entities are interested in our clients and our work
- All client work is performed in dedicated local virtual machines under an offline host OS
- Our internal threat model assumes well funded entities are interested in our clients and our work.
- All client work is performed in dedicated local virtual machines under an offline host OS.
- All authentication, and password management is done via dedicated pin+touch controlled personal HSMs.
- We exclusively use End-To-End cross-verified encrypted chat internally.
### Privacy
- Your data and IP are always stored with AES256 encryption unlockable only with our personal HSMs.
- Your data and IP are never exposed in plain text except on your systems or systems we physically control
- Everyone on our team has hardware-backed PGP keys to encrypt documents and emails if you prefer
- Your data and IP are never exposed in plain text except on your systems or systems we physically control.
- Everyone on our team has hardware-backed PGP keys to encrypt documents and emails if you prefer.
### Freedom
- We feel every customer has a path to not need us anymore, and we will encourage it.
- We exclusively use Open Source internally and help make improvements when needed
- We exclusively use Open Source internally and help make improvements when needed.
- All general purpose security tools and research we create is Open Source by default.
- We ensure you have a free path to replicate any of our findings yourself
- We ensure you have a free path to replicate any of our findings yourself.
- We will always favor solutions that minimize lock-in with third parties.
---
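Review bot: In the Transparency list, "With the exception of fully Open Source projects, which we offer a universal 15% discount on." still reads as a sentence fragment that depends on the pricing bullet above it, and it stands out more now that every other item is a full sentence ending in a period; consider folding it into the previous bullet. In the Security list, "All authentication, and password management is done via ..." keeps a stray comma and "well funded entities" is missing its hyphen. Since this commit is about consistent punctuation, those are worth fixing in the same pass.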
@ -65,16 +65,16 @@ We tend to start with a consultation where try to help you understand your true
## Services
- Reproducible builds
- Build all software multiple times in systems controlled by different teams
- Ensure hashes match, proving code and binaries were not tampered with
- Build all software multiple times in systems controlled by different teams.
- Ensure hashes match, proving code and binaries were not tampered with.
- We optionally can host and maintain secondary build infrastructure.
- Cryptographic key escrow
- Quorum managed immutable infrastructure
- Software Supply Chain Integrity
- Production Engineering Security
- Security Hiring
- Retained security support
- Hardware Security Modules
- Physical Security
- Business Continuity Planning
- Cryptographic key escrow.
- Quorum managed immutable infrastructure.
- Software Supply Chain Integrity.
- Production Engineering Security.
- Security Hiring.
- Retained security support.
- Hardware Security Modules.
- Physical Security.
- Business Continuity Planning.
- Planning for Black Swan events.
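Review bot: "Reproducible builds" at the top of the Services list is left without a trailing period while every other service name ("Cryptographic key escrow.", "Security Hiring.", and so on) gains one, so the list ends up mixed rather than standardized. Either add the period there as well, or leave the short service names unpunctuated and end only the full-sentence items with a period. While touching these lines, "We optionally can host and maintain" would read better as "We can optionally host and maintain".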