Open Source Security Assessments

What is a Security Assessment?

As the name suggests, a security assessment is the process by which we analyze open source components to ensure they are safe to use. At Lab 191, we use a proprietary methodology, built up from over two decades of industry experience. Security assessments are the "gold standard" in ensuring safety and security within the open source ecosystem.

Typical security assessments include:

  • Static analysis, using tools including CodeQL and Semgrep
  • Fuzzing (for parsers and code written in memory-unsafe languages)
  • Human code review
  • Review of open issues, previously-disclosed vulnerabilities, and similar sources

To learn more, download a free sample security assessment that we performed recently (no signup required).

How it Works

Step 1: Send us your List

The process starts by sending us a list of the open source projects you care about most. We'll review the list and get back to you shortly.

Step 2: We do the Work

We'll begin reviewing each of the open source projects, using our proprietary methodology to identify security risk that others miss.

Step 3: We Report Back

For each component, we'll prepare a custom report describing any security issues we discover and recommendations for safe use.


Pricing

Most security assessments are performed for $1,000 (USD) each. Smaller projects (like many npm modules) often cost less, and larger projects can be more. Either way, we'll let you know in advance exactly how much the assessment will cost, so there are no surprises.

Why We're Different

25+ Years of Experience

With over two decades of experience as a security professional and software engineer, we have the skills and expertise you can rely on.

Innovative Tools

We use leading-edge security tools to identify flaws that others miss.

Human Review

All code is reviewed by a living human. That same human validates all tool findings. Because machines haven't taken over, yet.