Semper Victus

Our experience with grsecurity Pro Support has been outstanding - we use the patchset in custom-built Arch Linux servers running high-throughput NIDS, HIDS, with the relevant data stores and analytical systems within namespaced containers.

These are clustered critical systems with year-round uptimes operating at above 50% load consistently running PF_RING, ZFS, ElasticSearch, Splunk, Suricata, OSSEC (100k events/minute), and Zeek. The kernels are highly customized above the grsecurity patch stack with integrated patches for networking, storage, schedulers, and other functionality. The environment is a HITRUST regulated medical datacenter, making these systems incredibly critical in all aspects (uptime, stability, & performance).

During the ironing-out phase of our transition from version 4.14 to 5.4 of the Linux kernel, Open Source Security, Inc. responded within minutes to triage and assess. Within hours they provided a tested fix for any issues we discovered. Moreover, as we've transitioned to testing an in-house hardened Network OS (VyOS), the team has rapidly (within the same day) provided us with custom patched drivers and support for our development efforts well outside the scope of the patch series for which we buy support.

We work with OS and security vendors the world over for Windows, Linux, BSD, and MacOS. None of them come remotely close to the level of response efficacy and technical expertise which we get with grsecurity, much less defensive effect and resulting standoff/threat mitigation.

This service is critical for entities lacking internal kernel development talent, and important for those who have it to help them advance their expertise through the wealth of information Open Source Security, Inc. shares with its customers in explaining their work.

Boris Lukashev
Systems Architect
Semper Victus