Open Source Security

Subgraph is an open source security company

We believe that open source means good security. Security technology needs to be secure, and resilience in the face of public scrutiny is one of the best ways to get there. In this era, most people would not trust a proprietary, obfuscated cryptographic algorithm. So why do they trust proprietary, closed-source security technology?


The founders of Subgraph have deep roots in the world of open security research. They have built commercially successful security technology. Subgraph is the product of this experience and a strong belief in the real value of open source software.

David Mirza Ahmad


David has over 10 years of experience in the information security business. He began his professional career as a founding member of SecurityFocus, which was acquired by Symantec in 2002. David also moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years. He has spoken at Black Hat, CanSecWest, AusCERT and numerous other security conferences, and has contributed to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model and served as editor for the Attack Trends section of IEEE Security & Privacy for over three years. His current obsession is building Subgraph, a Montreal-based open source security startup.

Bruce Leidl


Bruce has been developing innovative network security software for the last 12 years at companies such as Secure Networks, Inc., Network Associates (now McAfee), SecurityFocus (acquired by Symantec), and Core Security Technologies. As a security researcher, he has published several vulnerability advisories, including one on an exploitable heap overflow in the TCP reassembly component of the Snort IDS. Bruce was also a principal developer on the open source Netifera platform.