In our line of work we deal with our client's confidential information on a daily basis. It is important to us that our clients feel able to put their trust in us and our ethical position in the industry.

We work under non-disclosure agreements with our clients. We never disclose to any third party information about the work we do without the express prior consent of our client.

We believe that the disclosure of vulnerabilities must be handled responsibily. When we discover a vulnerability in a software product, our policy is to approach the vendor with details of the vulnerability and work with them towards a coordinated release of a security advisory and a patch for the issue.

While we support a responsible disclosure process wherever possible, there are occasions when software vendors do not respond appropriately to a security alert. If we feel there is a serious threat to the community from a vulnerability we discover and the software vendor will not engage with us in a productive dialogue, we reserve the right to release vulnerability details through appropriate channels in order that the community is warned of the threat.