"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code.

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co-Creator of Samba


Disclosure Policy

Codenomicon is a no-disclosure company

Codenomicon develops and licenses state-of-the-art testing tools that are used by the industry to discover flaws. The users of Codenomicon products are responsible for everything they do with the test results. Codenomicon is not responsible for any discoveries, disclosures resulting from the discoveries, or publicity caused by the disclosure.

Codenomicon follows accepted and responsible test reporting processes

Codenomicon has been at the forefront of the development of test processes and respective reporting policies since 1996. [1] We keep vendor-specific test flaw details confidential. We do not release exploits. We believe in the constructive vulnerability process. [2] This model, developed by us and OUSPG, has been adopted by the National Infrastructure Advisory Committee (NIAC) in their recommendations to the President of the USA. [3]

[1] http://www.ee.oulu.fi/research/ouspg/sage/disclosure-tracking/

[2] http://www.ee.oulu.fi/research/ouspg/protos/sota/FIRST2001-disclosures/

[3] http://www.dhs.gov/xlibrary/assets/vdwgltr.pdf