


The Episec Guarantee


We'll be the first to tell you that our guarantee is somewhat limited. This is because we can't vouch for others' code; only for what we do ourselves.

Summary: If anyone can compromise your system through a service we secure, we will refund everything your company spent on retaining our services.

A more detailed explanation is obviously necessary here. As an example, say we secure your nameserver -- nameserver x. If a new security hole is discovered in nameserver x tomorrow, there's a possibility that an individual could breach your server. The idea behind our guarantee is that even if this were to happen, your server is safe.

We can't offer our guarantee for everything. Commercial software, for example, is generally created with ease-of-use, as opposed to security, in mind. Many commercial servers run as root and even perform checks to ensure that they are run as root. As we do not have the source code to these products, we cannot modify their behavior. We will take what steps we can, but no promises are made.

Additionally, we cannot protect against kernel-level security holes. This type of problem rests solely on your operating system vendor.

And of course, if one of your company's administrators were to modify the service environment, we cannot vouch for its integrity. However, we recognize that modification of server content is an everyday task at many companies. Therefore, if your modified service is compromised, we'll evaluate the situation to determine whether its security was jeopardized by those modifications. If not, the guarantee holds.

If you'd like to try and save some money by hiring a consultant specifically for the task of breaching your systems, we welcome the effort. In fact, we encourage this sort of extra testing.

We'll let you know which services are (or aren't) subject to our guarantee. If in doubt, drop us a line and ask if a particular service of yours would be covered. You may also be interested in sponsoring a service that's important to your company -- even commercial services can be secured. See our FAQ entry on service sponsoring.

Note that the refund offered covers services performed per a single instance. If we've secured your network in the past, the prior service costs are not included. Additionally, if you spend money on hardware or software at our recommendation, these are costs paid to the hardware or software vendor. We cannot offer a refund of these.

The guarantee lasts for four months after we complete work on your network. This should be more than enough time for any hired crackers to deliver their best shots.