snowy mountains

Are You Drowning in Linux Kernel CVE Noise?

We know your products and systems can't be updated every week based on unverified CVE information. Address true risk by protecting against entire classes of vulnerabilities and exploitation techniques. Our Pro Support ensures you make the most of attack surface reduction and our proactive defense in your products.

snowy mountains

The Keys to the Kingdom

Not securing your Linux kernel adequately is like giving attackers that have infiltrated your web apps or networks the keys to the kingdom. Compromising the Linux kernel makes it almost impossible to find these attackers on your network, despite EDR tool and other security investments.

snowy mountains

End-to-End Linux Kernel Protection

Other alternatives purport to offer protection against Linux kernel attacks, but only grsecurity fully specializes in preventing zero-day attacks and sophisticated memory corruption exploits on widely-used Linux kernel versions. No other vendor offers as much to fully secure your Linux-based products or internal systems.


I don't usually endorse security products, but I will say that when it comes to Linux security, the ONLY .. and I mean ONLY Linux systems that me or anyone I know have not been able to consistently achieve privesc against are grsecurity protected systems.

Few, if any, people can lay claim to a bigger impact on modern exploit mitigation than the PaX and grsecurity teams. Their work has shaped how security works today, and they continue to remain at the forefront. Grsecurity is built and trusted by experts.

Draper strongly recommends grsecurity to all of our Department of Defense (DoD) customers so they have the latest and state-of-the-art in vulnerability prevention and exploit defense.

When building systems that hold sensitive customer data, no other platform is as trusted by professional security engineers, like those at Immunity, than grsecurity. We have 15 years of experience breaking systems, and grsecurity has 15 years of experience protecting them from people like us.

A lot of work has been done in the past 17 years on exploit mitigations - some practical, and some effective. Very few mechanisms were both practical and effective. The grsecurity and PaX team have been behind almost all of them.

The people behind grsecurity/PaX are pioneers in computer security. Your Linux servers are in good hands with them.

During the Bugtraq "golden era" I witnessed first-hand the direct effect of the pioneering research by the grsecurity and PaX team on real world vulnerability exploit feasibility. What was once possible with a simple stack overflow now requires a complex multiple-vulnerability bug chain.

You can thank Grsecurity/PaX for many of the memory safety mitigations the world relies on today. These projects redefined software security.

PaX and grsecurity are world class innovators in software security. They have played a pivotal role in creating multiple exploit mitigation technologies that are now considered industry standard.

grsecurity and PaX have driven the state of the art in effective and realistic exploit mitigations for the past 17+ years. They've defined what are now considered industry standards and are still ahead of what's coming in the future elsewhere.

Latest News