0xche conducts security engagements for civil society organizations and specializes in the Latin America region. Their focus relies on reverse engineering and penetration testing applications (web, mobile, and desktop), networks, and physical devices. 0xche also conducts vulnerability assessments, technical research, training, and source code audits for civil society organizations.

7ASecurity looks forward to helping OTF Security lab applicants with assessments tailored to their threat model and needs. They welcome requests from those looking to secure their web, mobile, and desktop applications; as well as cloud/infrastructure, servers, threat models and supply chains. Prior public pentest reports can be found here and testimonials here.

Assured is a Swedish security consultancy that specializes in a wide range of services including penetration testing and security assessments for: web and mobile applications; IT/OT/cloud infrastructure; active directory environments; IoT devices; embedded and automotive systems. Their expertise also includes adversary simulation and assessing a project’s detect-and-respond capabilities. Prior public pentest reports can be found here.

Atredis Partners is an employee-owned company made up of some of the best hackers and security researchers in the United States and Canada. They do advanced, research-driven penetration testing on a wide range of targets, from mobile to embedded to complex applications and cloud services, and advise their clients on emerging threats and complex information risk. Prior samples of work can be found here.

Convocation Research & Design (CoRD Labs) is a research, policy, and investigative think tank working at the intersections of cybersecurity, design, and human rights. CoRD welcomes requests for security-by-design reviews (early-stage assessments), public safety audits, application security serview, and pentesting.

David & Pablo are digital protection experts with a combined 35 years in supporting civil society in the Americas region with their expertise in information technology, database development, open-source solutions, and secure encrypted servers. They provide expert guidance on digital security best practices, risk analysis and mitigation through organizational digital security audits, institutional policies and open-source IT infrastructure. They also audit  mobile and web applications to assess security and privacy vulnerabilities.

Include Security is an offensive assessment consultancy focused on technical assessments and pentesting. They can hack almost any technology in 38 programming languages primarily across software, hardware, cloud, and infrastructure security assessments. They’ve loved working with OTF since 2016 to help open technologies that promote the core tenants of online freedom.

Interlab is a non-profit organization based in Seoul with a mission to create a resilient digital safety net for the freedom of citizens through research on cyber threats toward civic society. They’re looking forward to reviewing requests for public safety audits with a focus on the Southeast Asia region.

Radically Open Security performs code audits, penetration tests (web and mobile), cryptographic audits, systems and networks audits, organizational and operational security training, and provides detailed reports on findings alongside recommended solutions.

Spirula has expertise in pentesting websites and mobile applications and specialize in projects focused on the SWANA region. They aim to holistically consider software health by analyzing code security, stability, and agility, while considering the legal, social, and political aspects of where projects are deployed. 

SRLabs is a hacking and security think tank based in Berlin. Their team’s expertise covers everything from encryption, (mobile & web) application hacking, fuzzing, code review, as well as organizational security. They even have expertise in blockchain code audits! SRLabs’ hacking research can be found here.

Subgraph is a Montreal-based security company that builds open-source security software and provides security consulting services, including application security review and penetration testing. Subgraph has been an OTF grantee itself with Subgraph OS and is excited to support other OTF projects. More information can be found here.