// About
A focused team. A clear mission.
Zyphor was built by researchers who got tired of compliance theater. We do offensive security the way it should be done — deeply technical, transparent, and useful.
Our mission
Make critical software measurably safer. We work with engineering teams that ship fast and want their security work to be technical, not theatrical. Every engagement ends with code-level findings, reproducible PoCs, and a remediation path your developers will actually use.
Security philosophy
- Find real bugs — not noise.
- Treat clients as engineering peers.
- Disclose responsibly, always.
- Open-source what doesn't compromise clients.
- Train internally, never outsource judgement.
Ethical Disclosure Policy
We follow a strict 90-day coordinated disclosure model. Vendors are notified privately within 24 hours of confirmation. Public disclosure happens only after a fix is shipped or the disclosure window has expired in good faith.
Findings discovered during client engagements are never disclosed without explicit, written consent. PoCs are sanitized to prevent weaponization while preserving reproducibility for defenders.