Making Implicit System Assumptions Explicit & Checkable

We help teams surface trust boundaries, invariants, failure modes & make them testable

Book a Consult See the Analysis ↓

Latest Articles

MemSafeEval Part 1: A Bottom-Up Classification of Memory Safety Vulnerabilities in C and C++

Why frontier LLMs fail at vulnerability classification—and what it reveals about CWE labels

MemSafeEval Part 2: When Are Two Bugs the Same Bug?

How to classify vulnerabilities when the ground truth doesn’t exist

MemSafeEval Part 3: Building a Synthetic Dataset for a Vulnerability Classifier

Generating thousands of verified vulnerabilities with sanitizers as the source of truth

Catching the Next telnetd-Class Security Bug

A practical workflow for trust-boundary verification