+++
title = "Who we are"
description = "Veraccord Labs LLC builds LockWire — secure-by-default infrastructure, with the evidence to prove every claim."
weight = 7
sort_by = "weight"
+++

**Veraccord Labs LLC** builds LockWire: secure-by-default infrastructure for
software that has to be trustworthy on the wire and provable after the fact.

Most applications aren't broken by exotic attacks. They're broken by defaults —
the shortcuts every codebase takes when security is hard and the deadline is
real. LockWire is the alternative: the Easy Button that makes the correct,
secure choice the default one, backed by evidence you can read rather than
adjectives you have to take on faith.

## The experience behind it

LockWire is built on hands-on experience securing systems where failure is not
an option — across domains where safety, security, and trust are the same
problem:

- **IoT security** — embedded devices, cloud back-ends, cloud/web apps, and
  mobile applications.
- **Control systems** — embedded controllers, cloud-accessible and on-premises
  servers, thin and thick clients, and fly-by-wire flight controls.
- **Communications** — secure communications over wire, ground-based RF,
  airborne RF, and satellite.
- **Positioning** — radar (airborne and ground-based), GPS and other GNSS
  (GLONASS, DGPS, WAAS, LAAS), including GPS autoland.
- **Cybersecurity** — secure system and software design, requirements, threat
  modeling, and testing; Blue Team and Red Team operations; building
  IEC 62443-based organizations and products; and senior product
  design/cybersecurity leadership at a Fortune 500 company.

The breadth is the point: the traps LockWire removes are ones we have had to
navigate ourselves, in systems where a security defect is a safety defect.

## What we believe

- **Evidence over adjectives.** Threat models, requirement-to-code traceability,
  SBOMs, and a self-audited secure-development process ship in the open, in the
  repositories — read them before you trust us.
- **Secure by default, not secure by expertise.** The out-of-the-box
  configuration is the safe one; an insecure setup should fail at build time,
  not in production.
- **Easy, and delightful.** Designing something secure — a product, an
  application, a website — should be a one-line Easy Button, not a research
  project, and building it should be a pleasure. When the secure path is also
  the path of least resistance, developers take it by default.
- **Standards as the floor.** Our development process is based on IEC 62443-4-1,
  and we engineer against the technical requirements of IEC 62443-3-3 and -4-2
  Security Level 4 — baselines we self-assess against in the open, not
  certifications we claim. Cryptography is FIPS-only.
- **Open, and staying that way.** The security core and CLI are Apache-2.0,
  permanently; every tier — including the source-available AI tier — is
  published on crates.io, never behind a portal.
