How we develop software
We believe in building simple tools that interlock together. We reject enterprise software - expensive, over-complex products where you pay for features you’ll never use.
A good tool should be lean and focused. It should open itself up to interconnections with other tools. When the needs of your tools change as the situation changes, you can adapt easily.
We believe strongly in web technologies. This doesn’t just mean web interfaces, but web-accessible data interfaces too.
We love developing robust servers and backend processes that help channel and funnel data around.
We also have a strong set of skills in mobile technologies that work just as well on your cell phone as they do on a desktop.
We favour most any flavour of GNU/Linux for our servers and backends.
We are big believers in open source software. We want to improve the state of the art for CSIRT tools, and that includes the ability to share and extend them. We can operate under the license that suits you: MIT, GPL, BSD, or your preference.
Of course, if you want some development that you need to keep close to your chest, no problem - we can work under a closed license too.
It’s hard to describe how happy automation makes us. The offloading of tedium via automated processes: that’s what software is all about.
CSIRTs have enough new problems to deal with in the information security world, without being bogged down in repetitive, dull work. Improving your automation lets your team escape from trench-digging work, and move on to innovate ways to tackle the problems you face.
There are lots of problems to tackle out there, and there’s no sense reinventing solutions.
We have experience in evaluating and deploying software used by CSIRTs. We’re happy to be your software consultant when you need a second opinion to decide which path to take.
Secure software development
As a guiding light in the information security industry, CSIRTs need to set the example by strictly practicing secure software practices. We have experience designing and deploying secure systems, while being acutely aware of secure software development practices.