Who we are

View as Markdown

Veraccord Labs LLC builds LockWire: secure-by-default infrastructure for software that has to be trustworthy on the wire and provable after the fact.

Most applications aren't broken by exotic attacks. They're broken by defaults — the shortcuts every codebase takes when security is hard and the deadline is real. LockWire is the alternative: the Easy Button that makes the correct, secure choice the default one, backed by evidence you can read rather than adjectives you have to take on faith.

The experience behind it

LockWire is built on hands-on experience securing systems where failure is not an option — across domains where safety, security, and trust are the same problem:

  • IoT security — embedded devices, cloud back-ends, cloud/web apps, and mobile applications.
  • Control systems — embedded controllers, cloud-accessible and on-premises servers, thin and thick clients, and fly-by-wire flight controls.
  • Communications — secure communications over wire, ground-based RF, airborne RF, and satellite.
  • Positioning — radar (airborne and ground-based), GPS and other GNSS (GLONASS, DGPS, WAAS, LAAS), including GPS autoland.
  • Cybersecurity — secure system and software design, requirements, threat modeling, and testing; Blue Team and Red Team operations; building IEC 62443-based organizations and products; and senior product design/cybersecurity leadership at a Fortune 500 company.

The breadth is the point: the traps LockWire removes are ones we have had to navigate ourselves, in systems where a security defect is a safety defect.

What we believe

  • Evidence over adjectives. Threat models, requirement-to-code traceability, SBOMs, and a self-audited secure-development process ship in the open, in the repositories — read them before you trust us.
  • Secure by default, not secure by expertise. The out-of-the-box configuration is the safe one; an insecure setup should fail at build time, not in production.
  • Easy, and delightful. Designing something secure — a product, an application, a website — should be a one-line Easy Button, not a research project, and building it should be a pleasure. When the secure path is also the path of least resistance, developers take it by default.
  • Standards as the floor. Our development process is based on IEC 62443-4-1, and we engineer against the technical requirements of IEC 62443-3-3 and -4-2 Security Level 4 — baselines we self-assess against in the open, not certifications we claim. Cryptography is FIPS-only.
  • Open, and staying that way. The security core and CLI are Apache-2.0, permanently; every tier — including the source-available AI tier — is published on crates.io, never behind a portal.