Etiquette

Some work pays well and still isn't worth doing. Here's what we will and won't take on.

No harmful applications

We don't build tools whose primary purpose is to deceive, surveil without consent, manipulate elections, or hurt vulnerable people. If the use case isn't clear, we ask. If it stays unclear, we pass.

White-hat only

Our security work is defensive. We test systems with written permission from their owners and only against assets the owner controls. No gray-area engagements, no zero-day brokering, no offensive services-for-hire.

No corruption

We don't pay bribes, kickbacks, or "facilitation fees" to win work or move things along. If a project needs that to happen, it isn't a project for us.

Honest pricing

One number, in writing, with what's included and what isn't. No surprise change orders dressed up as discovery.

Truth over flattery

If your plan is wrong, we'll say so before we take your money. If we can't do something well, we'll tell you that too.

We will walk away

Mid-engagement if we have to. Reputation lasts longer than a contract.