During our research efforts, we investigate in detail security of a target software or technology in order to find weaknesses in its design and implementation.
As true researchers, we investigate each target very thoroughly. This very often involves development of custom reverse engineering or code analysis tools. Without these tools we would not be able to successfully complete most of our projects.
Passion and years of experience in binary analysis allows us to deal even with the most challenging tasks.
It takes us many months of work to research security of a given target, devise attack techniques, develop dedicated tools, write working Proof of Concept codes and prepare technical documentation.
Unfortunately, not all vendors respect the amount of time and dedication taken at our end and aimed at helping them make their products more secure.
As a result of experiencing significant disrespect / problems with various vendors in 2022 and 2023 such as the following:
starting from Apr 24, 2023, Security Explorations stops informing vendors about its security findings. By default, any such findings (results of Security Explorations' research) are to be disclosed to the public without prior notification.
Vendors interested to receive notifications of our findings prior to the publication may sign up to our paid Vulnerability Notification and Control Program (details).
The new policy goes along the following line:
"If you give someone a Mercedes for free, this will not be appreciated / respected. One respects Mercedes' value if one pays for it".