How Solid is Your Security?

Know for Certain
with Tangible Security

Cyber Assessments | Product Security | Consulting

Learn More

Get Our Weekly Newsletter for Top 10 Cybersecurity Trends & News Stories Subscribe >

Great Employees Deserve Great Benefits

And we've got the best on both counts! Check out our lengthy list of benefits. They're just one example of how much we value your contribution to Tangible.

  • Comprehensive medical, dental and vision insurance – very low contribution for employees, with dependent coverage highly subsidized by Tangible
  • Flexible spending account for pre-tax savings on health and dependent care expenses
  • 15 days of paid time off in year one through four; 20 days at hire for Senior Principal level positions and above at hire or beginning in year five through year nine for other staff, and 25 days a year after nine years of service
  • 10 paid holidays, including 4 floating holidays
  • Company-paid life and disability insurance with the opportunity to purchase additional coverage for employee and spouse/children
  • 401(k) with generous company match – 4% match of employee's eligible salary
  • Tuition assistance, certifications and training - up to $5,000 annually
  • Kudos, Applause, Ovation and Standing Ovation awards given in recognition of outstanding employees on the spot, each quarter, and annually with nominations by both management and peers
  • Employee Referral Program
  • Employee assistance program for help with personal issues, child care referrals, financial aid and legal questions, etc.
  • Travel assistance program provides employees and their dependents medical, travel, legal and financial assistance service worldwide.
  • On-site fitness facility with lockers and showers (McLean)
  • ADP Discounts (movie tickets, car, pet and house insurance, gift shop and retail discounts)
At Tangible Security, our philanthropy and community involvement is reflected in our commitment to our employees, to the communities in which we serve, and to cultivating the next generation of scientists and engineers.

We focus on areas that closely align with Tangible’s business mission and values. They include:

  • Supporting our Wounded Veterans’ – Tangible is committed to strengthening services and support for millions of veterans, to include wounded veterans, and military families throughout America.
  • Building the Foundation for the Future through Education – Tangible invests in the people of the company to ensure we embody the breadth and depth of top talent. Tangible also promotes science, technology, engineering, and mathematics (STEM) education in our schools to boost next generation innovation and foster world market competitiveness.
  • Supporting local communities - We are really proud to work with charities and local community organizations to help the betterment of our communities in which we live and work.


We’re proud to support the following organizations, along with many others

Blue Angels Foundation
Alt Text

The Blue Angels Foundation (BAF) supports America’s wounded veterans from ALL services. The Foundation’s mission is to save lives – to provide each vet with a pathway to get “back on track,” to help lift and assist them in regaining confidence and self-esteem so that they can attain a purpose-driven life that has a generational impact. We focus on the continuum of care from when the active duty military wounded veteran is discharged and begins his/her journey to a productive life and career in the civilian sector.

Wolf Trap

Wolf Trap Foundation dedicates a significant portion of its resources to education. It’s at the heart of their mission. Specially, Wolf Trap adapted the Institute’s model for arts-integrated professional development to concentrate on STEM skills development for young children.

Responsible, Ethical Vulnerability Disclosure

This policy does not apply to vulnerabilities discovered as part of client engagements, which are protected under NDA. It only applies to independent research projects where Tangible Security procures and tests publicly available products for vulnerabilities that might affect consumers.

This vulnerability disclosure policy serves as a guideline of how Tangible Software, Inc., doing business as Tangible Security, will handle vulnerability notifications and disclosures to the responsible vendors (maintainers) and the public. It is the policy of the company to ethically and responsibly disclose security vulnerabilities in a manner that provides the most benefit to all parties. The disclosure process also serves as a formal method to inform both the maintainer and the community of the issue and a solution, if one exists.


  • ISSUE - The flaw, vulnerability, or problem, which is the subject of a disclosure.
  • MAINTAINER - The individual, group, or vendor, that maintains the software, hardware, or resources that are related to the ISSUE
  • DATE OF CONTACT - The point in time when Tangible Security notifies the MAINTAINER.
  • All dates, times, and time zones, are relative to the Tangible Security, office in McLean, Virginia, USA.
  • A work day is defined with respect to Tangible Security, work schedule but is assumed to be Monday - Friday with the exception of holidays recognized by Tangible Security.


  • (1) Tangible Security will send an email regarding the ISSUE to the MAINTAINER. The DATE OF CONTACT is the point in time when the email has been sent.
  • (2) The MAINTAINER is to be given 5 working days from the DATE OF CONTACT; should no contact occur by the end of 5 working days, Tangible Labs will review the ISSUE and decide a next course of action that may include public disclosure.
  • (3) Requests from the MAINTAINER for help in reproducing problems or for additional information will be honored by Tangible Security, including by providing configuration details and reproduction steps.
  • (4) The MAINTAINER is responsible for providing regular status updates (regarding the resolution of the ISSUE) at least once every 5 working days.
  • (5) The MAINTAINER is encouraged to coordinate a joint public release/disclosure with Tangible Security, so that advisories of problem and resolution can be made available together.
  • (6) If the MAINTAINER discontinues communication at any stage of the process for more than 10 working days after DATE OF CONTACT, Tangible Labs will consider MAINTAINER non-responsive and decide a next course of action that may include public disclosure.
  • (7) 30 days from the DATE OF CONTACT, Tangible Security may, at its discretion, publicly disclose the vulnerability. We believe that by doing so, the MAINTAINER will understand the responsibility they have to their customers and respond appropriately. Requests by the MAINTAINER to delay public disclosure will be handled on a case by case basis.
  • (8) When disclosing a vulnerability, if possible, Tangible Security will endeavor to do so in a limited way that includes mitigation suggestions intended to enable the defensive community to protect the public.
  • (9) Tangible Security discloses vulnerabilities for the public benefit; therefore, Tangible will not accept prizes, "bounties", or other payments for doing so. In no cases will a vulnerability be "kept quiet" in exchange for such a payment, or because a MAINTAINER does not wish to address the vulnerability.
  • (10) Tangible Security may move a disclosure to an earlier or later date, depending on specific circumstances, such as when (a) a vulnerability is exploited in the wild; (b) vulnerability information is made publicly available by a third party; (c) fixes are particularly difficult to build; or (d) a vendor is non-responsive after reasonable efforts to engage them in developing a fix.
  • (11) Tangible Security reserves the right to privately share vulnerability discoveries made during independent research at any time with customers or other third parties in order to help secure systems from attacks.

Communication Guidelines

All communications related to disclosures either from or to Tangible Security shall use the This email address is being protected from spambots. You need JavaScript enabled to view it. address. If the MAINTAINER wishes to encrypt all communications, they should explicitly state this requirement and provide us with their PGP/GPG public key. Our public key for This email address is being protected from spambots. You need JavaScript enabled to view it. can be downloaded from here.
Get our PGP/GPG Public Key