List of Firms Willing and Able to Fix Vulnerable Code for You

As anyone in Web security will confirm, there's no shortage of vulnerabilities in custom Web applications. On the average website, WhiteHat Security identifies at least dozens, and more often hundreds, of custom Web application vulnerabilities per year. Any one of these vulnerabilities may lead to total or partial system compromise, user account takeover, data loss, fraud, and so on. Once such a vulnerability is found, the next task is getting it fixed, and vulnerability remediation has proved to be a rather large challenge for many organizations.

Often an organization will want to fix its vulnerable code, but its development team is oversubscribed delivering revenue-generating features, and diverting their attention is just not an option. Given the choice, the organization may prefer to pay for the problem to go away. In short, to pay someone to come in and fix their vulnerable code for them.

Generally speaking, penetration testing, vulnerability assessment, source code review, etc., whether performed by tools or by service providers, only FIND the vulnerability; they don't FIX the code. They provide guidance on HOW they recommend the issue be fixed, but not the code fix itself. That remains the organization's responsibility.

Fortunately there are an increasing number of firms who are ready and willing to perform vulnerability remediation services. They’ll actually show up and fix your code! I’ve been building a list of them (see below) because people ask me about this all the time.

It is very important to note that this list is NOT an official endorsement of any kind, as I only have personal experience with a few of these firms. If you need a recommendation and/or an introduction, just send me an email directly and I'd be happy to help out: jeremiah -at- whitehatsec.com.

  1. Accuvant
  2. AhnLab
  3. Aspect Security
  4. AsTech Consulting
  5. Asterisk Information Security
  6. BCC Risk Advisory
  7. Cigital
  8. Denim Group
  9. Foundstone
  10. Gotham Digital Science [2]
  11. iSEC Partners
  12. KPMG (Australia)
  13. Security Compass
  14. Security Innovation

This entry was posted in Vulnerabilities, Web Application Security.

About Jeremiah Grossman

Jeremiah Grossman is the Founder and Chief Technology Officer of WhiteHat Security, where he is responsible for Web security R&D and industry outreach. Over the last decade, Mr. Grossman has written dozens of articles and white papers and is a published author. His work has been featured in the Wall Street Journal, Forbes, NY Times and hundreds of other media outlets around the world. As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on six continents at hundreds of events including TED, BlackHat Briefings, RSA, SANS, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UW Madison, and UCLA. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and was previously named one of InfoWorld's Top 25 CTOs. He serves on the advisory board of two hot start-ups, Risk I/O and SD Elements, and is a Brazilian Jiu-Jitsu Black Belt. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo!