From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
IndustryComputer security
FateAcquired by McAfee
FounderGeorge Kurtz
Eric Schultze
Stuart McClure
Chris Prosise
Gary Bahadur
William Chan
Headquarters2821 Mission College Blvd.[1] Santa Clara, California, United States
Area served
Key people
William Hau
Intel Corporation

Foundstone is a practice within McAfee Professional Services that provides computer security services.


Foundstone was founded in 1999 by George Kurtz, Eric Schultze, Stuart McClure, Chris Prosise, Gary Bahadur, and William Chan. The company primarily provided information security consulting services then later created the Foundstone Enterprise Vulnerability Management product. Foundstone was acquired by McAfee in 2004. After the acquisition, the product team was integrated into McAfee's product development group and the services team was separated out into the Foundstone Division. Later the various service divisions of McAfee all merged under a single new division, called McAfee Professional Services and Foundstone became a group within it. Although Foundstone is owned by McAfee, it stays vendor neutral in order to remain impartial in its services.[citation needed]

Services and Training[edit]

The company's services are divided into four categories: Incident Response and Forensics, Strategic, Tactical, and Training with core services in the following:

  • Incident Response and Forensics: The investigation, assessment, and containment of computer attacks and malware outbreaks.
  • Infrastructure Assessments: The security evaluation of networks and systems to identify software and configuration vulnerabilities.
  • Software Security Assessments: The identification of hardware and software vulnerabilities through black box, white box, and gray box testing.
  • Program Development and Risk: The development of information security programs, policies, and procedure. Also included within these services are information security risk assessments.
  • Training: Public and private classes on ethical hacking, incident response and forensics, and software security,

Community Involvement[edit]

Foundstone has maintained a presence within the computer security community through speaking engagements, free tools, whitepapers, and other initiatives. The company was one of the first to publicly offer their penetration testing methodology, described in the Hacking Exposed series of books.

The Hacking Exposed series of books were written by three founders of Foundstone: George Kurtz, Stuart McClure, and Joel Scambray.[2] Foundstone employees often contribute to newer editions of the series. Foundstone employees have also authored other books such as "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services" and "Web Hacking: Attacks and Defense".
The company has released a number of white papers on computer security, compliance, and policy development.
Free Tools[4]
Free software such as Superscan and Hacme Bank have been released by Foundstone since its early inception. The security centric tools provide aid to penetration testers in ethical hacking and teach software developers security fundamentals.
Open Security Research
In 2011, Foundstone began sponsoring Open Security Research,[5] a project dedicated to sharing computer security information. Open Security Research currently consists of a blog[6] and YouTube channel.[7]


  1. ^ "Contact US". McAfee. Retrieved 2012-05-15.
  2. ^ "Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out". Forbes. Retrieved 2016-09-17.
  3. ^ "Whitepapers". Foundstone. Retrieved 2012-06-18.
  4. ^ "Free Tools". Foundstone. Retrieved 2012-06-18.
  5. ^ "Open Security Research". Foundstone. Retrieved 2012-06-18.
  6. ^ "Open Security Research Blog". Foundstone. Retrieved 2012-06-18.
  7. ^ "Open Security Research YouTube". Foundstone. Retrieved 2012-06-18.