Lift Security from &yet

We’re on your side.

Let’s rise above the bad guys together.

graphic of balloons floating over something like razor wire


We'll comb through your app and identify and prioritize spots for improvement.

Security's a climb, not a country club. We'd be honored to be your sherpa along the way.

We can assess your security and chart a course from wherever you're at.


We don't throw stones. Developers get beaten up enough when it comes to security.

We love to help devs avoid pitfalls common to the web and unique to their platforms and architecture through our security education and training program.


We research intrusion methods and identify new vulnerabilities in widely-used technologies.

We're motivated to make the web better for good guys everywhere.

“Friendly, knowledgeable, efficient.
A pleasure from the start.”CodebaseHQ
“We sleep better at night.”Max Cameron, Kera

Our work speaks for itself

  • Reported vulnerabilities for Node.js, Django, Path, Verizon/Sprint MiFis, Basecamp, Rackspace, UStream, Redis, NameCheap, and more.
  • Advised well-known companies and apps, including GitHub, Airbnb, Lastpass, Hostgator, plus [REDACTED] and [REDACTED].
  • Security Lead Adam Baldwin has presented on security topics at DEFCON, DjangoCon, Toorcon, JSConf, and krtconf.

Why we do what we do

Being a ten-year security veteran can make a guy go all navel-gazey at times and start asking himself, “Am I really helping people?” and “Does anyone even care about security?”

&yet's Chief Security Officer Adam Baldwin decided that where the norm was to knock developers down and laugh at them, he'd build a security service that helped developers succeed.

Good developers (like you!) care about security, but it's just such an overwhelming task at times.

Adam, Matt, Jon and David help our team at &yet ship secure code through education and review. They can help your team, too—and they'd love to.