We are prototyping an innovative new business model – using a Dutch "Fiscaal Fondswervende Instelling" (Fiscal Fundraising Institution) to provide a commercial front-end that sends 100% of our profits tax-free to a charitable foundation (Stichting NLnet) that has supported open-source, Internet research, and digital rights organizations for almost 20 years. Our low management/overhead costs mean we can afford to pay competitive wages to our computer security consultants.
There are similar constructions in the world (B-corporations, Mozilla, etc..), but we tackle things from a slightly different angle. Our idealism fuels our growth; it helps us to hire idealistic A-list security experts, and to find like-minded customers who want to use their security budget as a "vote" to support socially responsible entrepreneurship.
We see ourselves as "hacking a new business model" for prototyping an ideal company – one that optimizes for benefit to the world (customers, employees, society) as opposed to profit motive (shareholders, investors, founders). Our hope is that, in a few years from now, we might inspire others to setup similar sustainable "not for profit businesses" in other industries. Call us dreamers, but we hope that we can help to move society forward in this way.
We don't build surveillance systems, hack activists, sell exploits to intelligence agencies, or anything like that. If a job is even remotely morally questionable, we won't do it.
During engagements, we will not only share our results with your company, but provide a step-by-step description of how to perform the same audit or procedure without us. We want to demystify what we're doing. It's not rocket science, and we genuinely want to help your company improve its security posture, even if it costs us repeat business.
Releasing ALL tools and frameworks we build as open source.
Releasing ALL collected threat intelligence (Indicators of Compromise) into an open source database that everyone can freely use. (Sanitized in agreement with customers.)
We don't sell zero-days – we disclose them responsibly!