VU.LS

Product security matters
We analyze vulnerabilities and help your organization manage them responsibly.

Learn more and start today

SERVICES

What we do

PLATFORM DEVELOPMENT

We develop the AdVISE system for Coordinated Vulnerability Disclosure and PSIRT Management. We provide multiple levels of software support as well as hosting options for the platform.

PSIRT SUPPORT

Our team has coordinated mitigations to thousands of vulnerabilities over multiple decades. We provide full support for your PSIRT, from assistance handling an individual vulnerability to outsourcing your entire site and team (and everything in between).

SOFTWARE ANALYSIS

Our team has discovered thousands of software vulnerabilities in a wide variety of products and systems. We also develop custom vulnerability discovery and analysis tools. Our experts will work with you to keep your product or system secure.

TRAINING

Our team has trained PSIRT staff for organizations and governments across the globe. We provide customized training for your team on your schedule.

AdVISE

ADVANCED VULNERABILITY INFORMATION SHARING ENVIRONMENT

A platform for Coordinated Vulnerability Disclosure and PSIRT Management

A scalable, open-source vulnerability management system designed for multi-party coordinated vulnerability disclosure. AdVISE was developed to take the burden off PSIRTs, CERTs, and security professionals attempting to investigate and responsibly disclose software vulnerabilities. It is based on our staff's decades of experience with coordinated vulnerability disclosure (CVD) and previous experience developing the VINCE (Vulnerability Information and Coordination Environment) system for CERT/CC and DHS CISA at Carnegie Mellon University.

AdVISE supports CVE assignment, CSAF exchange, SSVC scoring, VEX, and tracking vulnerabilities in software components.
We provide both software support and hosting services. Contact us now for pricing.

PSIRT Support

Our staff have decades of experience coordinating mitigations to software vulnerabilities.

Our staff wrote the ISO 29147 and 30111 standards for Vulnerability Disclosure and Handling. Our staff also co-authored the CERT Guide to Coordinated Vulnerability Disclosure, and led the development of the FIRST Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure.

Our staff co-created the Stakeholder Specific Vulnerability Categorization (SSVC) system to provide the cyber community with a vulnerability analysis methodology for triaging and prioritizing vulnerability analysis that accounts for a vulnerability's exploitation status, impacts to safety, and prevalence of the affected product in a singular system.

We provide multiple levels of support for your PSIRT:

  • Hosting a CVD/Reporting Platform
  • Triage of Vulnerability Reports
  • Case Handling
  • Coordination with Researchers and Vendors
  • Vulnerability Reproduction
  • Mitigation Testing
  • Report Creation and Publishing

Contact us now for pricing.

Software Analysis and Security Engineering

Our staff have discovered and disclosed thousands of vulnerabilities in a wide variety of software and systems, and build and maintain custom tools to discover and remediate vulnerabilities.

We can work with you to keep your software secure, from development to testing and throughout continuous deployment. Contact us now to learn how.

Training

We provide training for CERT and PSIRT staff. Our team is very experienced in both large and small group trainings, either at our location or a location specified by your organization. We are flexible on the content and can adapt it to the level of expertise of the participants as required. Contact us now to discuss training options.

CONTACT

Let's get in touch. Send us a message:

Scottdale, PA

Email: