Security Explorations conducts security and vulnerability research with respect to
the most challenging software security technologies.

{ General info }

During our research efforts, we investigate in detail security of a target software or technology in order to find weaknesses in its design and implementation.

As true researchers, we investigate each target very thoroughly. This very often involves development of custom reverse engineering or code analysis tools. Without these tools we would not be able to successfully complete most of our projects.

Passion and years of experience in binary analysis allows us to deal even with the most challenging tasks.

When interacting with vendors of affected technologies we usually follow our Disclosure Policy.


{ Security Research Program (SRP) }

Security Research Program allows companies and organizations to get access to the results of research projects conducted by Security Explorations.

SRP corresponds to commercial security research conducted by Security Explorations. It is reserved to most complex and challenging projects, which are unique in some way.

Program Information:

{ Disclousure policy }

  • Non-commercial security research (Pro Bono)

    Vendors responsible for fixing security defects uncovered in a result of our research are issued the so called vulnerability notices containing brief (though sufficient) information about vulnerabilities identified in their products. From that moment, internal security and engineering teams of a given vendor can start their work aiming to fix reported issues.

    Security Explorations does not send vulnerability information to the licensees of a given technology. Only original vendors of the affected technology or software are provided with brief vulnerability information.

    Security Explorations starts informing vendors and public on the same day about identified security threats. The public is notified about the existence of a given security weakness, vendors are provided with its brief details.

    The public can monitor the status of vendor activities with respect to the fixing of reported issues through our web pages corresponding to the target research project.

    In case of acquiring or discovering information indicating that certain security issues had been fixed or cannot be exploited anymore, Security Explorations reserves the right to publish additional details about such issues.

    Security Explorations may publish Proof of Concept codes for security vulnerabilities and attack techniques discovered by the company at any time after or in parallel with their technical details disclosure.

    Issues already reported to the vendor, which were improperly fixed are not a subject to this policy. They are publicly disclosed without any prior notice.

    Any legal threats coming from vendors or any 3rd party are immediately announced by us in the legal threats section of our website.

  • Commercial security research (SRP)

    Security Explorations does not send vulnerability information to vendors of the affected technology or software. The results of SRP projects (or SRP materials) are available to SRP members as part of SRP program and on a fee basis.

    Vendors of the affected technology or software might receive a notification that a given material is made available under SRP program. They can either purchase access to the material (SRP AO) or acquire exclusive ownership rights to it (SRP EP).

    SRP materials, which are not acquired on an exclusive basis can be a subject of a publication.

    Any legal threats coming from vendors or any 3rd party are immediately announced by us in the legal threats section of our website.


{ Legal threats }

In the past, some software vendors tried to use legal threats to discourage security researchers from the publication of the results of their research.

The specifics of our company operation needs to take such a course of actions into account. Thus, we decided to dedicate a web page on our corporate web site in order to present any legal threats issued against Security Explorations with respect to its security research work activity.

Current Legal Threats status:

NONE