Information Security Research

At Lab Mouse, our goal is to improve the security of the Internet through offense-based research. After over a decade of success in bleeding-edge zero-day vulnerability research, we believe that looking at defense from an adversarial perspective is the only viable way to design resilient and cost-effective technology. Thus, we spend our time evaluating software, services, and devices from the attacker's perspective. 

This results in three types of research: vulnerability reports, security guides, and defense technologies. Reports are used to resolve specific technical issues in software. Guides help engineers build security hardened systems. Defense technologies enable teams to deploy production quality systems faster and safer than ever before. 

Security Guides

Erlang Security

Our founder, Don A. Bailey, is releasing a multi-phase project on Erlang security research. This project's first release is the public talk "In Defense of Erlang", given at LambdaConf 2016. The slides are available here. This space will be updated when more research has been made available in the upcoming weeks. 

GSMA IoT Security Guidelines

Lab Mouse's research on IoT Security has been updated and released in partnership with the GSMA. Our founder, Don A. Bailey, wrote these guidelines with assistance and edits provided by a global team of cellular carriers, manufacturers, and researchers, such as AT&T, Verizon, Orange, Telit, Telenor, Gemalto, Ericsson, and more. The current version of these guidelines can be reviewed here

Vulnerability Reports

Upcoming Releases:

LMS-2016-05-27-2: ERLANG Large Hadron 

LMS-2016-05-27-1: ERLANG LICK Bug


Past Releases:

LMS-2014-06-23-1: Erlang OTP CHICKEN

LMS-2014-07-10-1: CloudFlare GoLang LZ4

LMS-2014-07-09-1: lz4-ruby

LMS-2014-07-07-1: python-lz4

LMS-2014-06-16-6: LZ4 Core

LMS-2014-06-16-5: Linux Kernel LZ4

LMS-2014-06-16-4: FFmpeg LZO

LMS-2014-06-16-3: Libav LZO

LMS-2014-06-16-2: Linux Kernel LZO

LMS-2014-06-16-1: Oberhumer LZO

To learn more about our process, or engage us in research, reach out to us via our contact page.