Subgraph OS and Mail: Adversary resistant computing.

Vega Logo

Web application security testing platform.

Orchid Logo

Pure Java Tor client implementation.


Subgraph is an open source security company.

Subgraph writes open source security software and offers security services to organizations of all kinds and sizes.

"One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them..."
- Shannon's Maxim

Cryptographers have long known that algorithms can only be trusted after sustained public scrutiny. We believe this principle extends to software in general. We are strong believers that the transparency of open source software can mean good security.

About Subgraph

Our products

We work on source security software, such as Vega, Orchid, and, most recently, Subgraph OS and Subgraph Mail.

Subgraph OS
Subgraph OS

A user friendly platform for secure communication and computing. Subgraph OS has numerous security enhancements and is designed to protect data and privacy.


Pure Java Tor client and library. Orchid allows for Tor to be easily integrated into applications that run on the JVM. Orchid can also be used as a standalone alternative Tor client.

Vega Web Scanner
Vega Web Vulnerability Scanner

A popular web application vulnerability scanner and security testing platform that helps developers and testers find and fix vulnerabilities such as cross-site scripting (XSS) and SQL injection.



Subgraph has an experienced security consulting practice, and we regularly provide services to clients large and small. This includes penetration testing, architecture and code review, reverse engineering, and other services.

Subgraph is the author and maintainer of Vega, one of the most popular open source web application security testing tools. Our experience developing our own sophisticated tools sets us apart from others.

Our services include:

  • Web Application Security Assessments
  • Mobile Application Security Assessments
  • Network Penetration Tests
  • Code Reviews
  • Security Strategy and Architecture Design
  • Custom Secure Software Development
  • Reverse Engineering
  • Secure Development Training