Send e-mail to ACROS SecurityACROS Security's public PGP key  


ACROS Application Security Analysis

With this "Vulnerability Extermination" service we find security defects in banking, commerce, business, mobile, virtualization, security and other software that you develop or use before anyone else finds them.

Some of our most demanding customers hire us for finding critical vulnerabilities in products built by security-knowledgeable people, reviewed with best automated tools and analyzed by other experts.

And they like what we find.

>> More...

ACROS Penetration

In a simulation of a real "Advanced Persistent Threat" attack against your information system, we become your friendly attacker and try to penetrate into the most critical parts of your networks, databases, services and applications in a controlled and managed fashion.

A test like this is the only way to see how well you're really prepared for a targeted attack.

>> More...


We help you reach informed security-related decisions in application development, when setting up online services and protecting your IT infrastructure.

>> More...



"We routinely engage ACROS Security when we need a security review of our most popular products."

(CSO at global software vendor with multi-billion revenue)

"We've been leveraging ACROS to perform pentests on most of our acquisitions and we've been very happy with their services."

(Project contact at leading global online company with hundreds of millions of registered users)

>> More...


It has always been our strategy not to specialize in any particular technology. We're constantly surprising our customers with security defects in desktop or mobile applications, on any operating system, in office devices, network equipment and appliances, complex web applications and online banking systems, anywhere from smartcard applets and web applications to virtualization engines and language interpreters.

>> More...

Acknowledgments &

Many of the world's largest software vendors have fixed vulnerabilities we reported to them and thanked us for helping them keep their users secure.

>> More...

About ACROS Security

ACROS Security is specialized in providing advanced security analyses of products and systems. Our in-depth security research pushes the boundaries of global knowledge, keeps our customers ahead of competitors and users safe from attackers.

We work for leading financial institutions, software vendors, online service providers, cloud providers, virtualization solutions providers and others who consider security of their products, information and services critical.

>> More...

Follow Acros Security on Twitter
...for updates on our security research.

ACROS in the Media (highlights)

SecTor, "If Vendors Won't Patch Their Software, This Firm Will"

Help Net Security, "Actively exploited zero-day in IIS 6.0 affects 60,000+ servers"

Help Net Security, "Reinventing software patching, curing big security holes" (podcast)

BetaNews, "0patch pushes out another Windows patch, but will leave the real work to Microsoft"

SC Magazine, "Third party develops temporary patch for Microsoft flaw that Google disclosed"

Softpedia, "Unpatched Windows Vulnerability Made Public by Google Gets a 3rd-Party Fix"

RTL Nieuvs, "Softwaredokter 0patch houdt je computer automatisch veilig" (in Dutch)

TechBeacon, "Crowdpatching call-to-action: How micropatching can make it happen"

Help Net Security, "0patch: Microscopic cures for big security holes"

TechTarget, "Crowdsourced vulnerability patching could save us all"

>> More media references...


0patch blog: "0patching the 'Immortal' CVE-2017-7269"

"0patching another 0-day: Internet Explorer 11 Type Confusion (CVE-2017-0037)"

0patch blog: "0patching a 0-day: Windows gdi32.dll memory disclosure (CVE-2017-0038)"

ACROS presented "Fixing the fixing" at the RSA Conference 2017 In San Francisco. Slides are here

ACROS presented "0Patch: Be Your Own Software Doctor" at 2016.

0patch blog: "Patch to Self - The Birth of the World's First Self-Healing Micropatch"

0patch blog: 0patching Foxit Reader's Heap Buffer Overflow Vulnerability CVE-2016-3740


0patch is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes (much less reboot the entire computer). Brought to you by ACROS Security.