Paragon Initiative Enterprises

Software consulting and web development for businesses with attention to security above and beyond compliance.

Technology should support your ambitions, not hinder them!

Secure software development philosophy:

Software should be secure by default.
Tools should be simply yet comprehensively secure.
Cryptography is fundamental to security.

About Paragon Initiative Enterprises - Orlando's Foremost Application Security Consultants

About Our Company

Paragon Initiative Enterprises is a team of technology consultants, website and app developers, and application security experts. We specialize in applied cryptography and PHP development.

Technology Consulting and Application Security Services by Paragon Initiative Enterprises in Orlando, FL

Professional Services Offered

Paragon Initiative Enterprises' expertise in web development and application security can help you fulfill your vision for your business's future while ensuring the safety and security of your online presence.

Community Software Projects by Paragon Initiative Enterprises in Orlando, FL

Community Projects

From solving challenging security problems to reducing the cognitive load of proven security strategies, we actively contribute towards the betterment of our community, both online and offline.


What P.I.E. Can Do For You


Our company employs industry-leading experts on web application security and applied cryptography. We…

…and offer many other related services. Our specialty is cryptographically secure PHP development.


Latest Blog Post


Solving Open Source Supply Chain Security for the PHP Ecosystem

Asserting that "There exist supply-chain security risks" in any software ecosystem requires neither a formal analysis nor multiple experts to peer review the notion. It's kind of a given, especially with recent tech news.

However, it's not a new problem. We were vocal about it in 2015, when it was common practice for software projects to tell you to install their widget by running curl http://some-domain | sh in a terminal window. This specific anti-pattern had already been criticized widely by others since at least 2013, but we were more interested in proposing a general solution to secure code delivery.

The only things that have really changed in the intervening years are:

  1. More people are aware of the risks today than 7 years ago,
  2. More disasters have been caused by the lack of supply-chain security for open source software, and
  3. We know it's a solvable problem.

That last item might seem bold, but we've been laying the groundwork for elegantly solving these problems for the PHP ecosystem since our company's inception. We had briefly introduced our complete solution when we announced that WordPress would cryptographically sign its automatic updates in 2019. (If you'd like more depth into this subject, we've previously written about supply-chain security in 2017 and automatic security updates in 2016.)

Part of making an acceptable solution even possible required getting modern cryptography into PHP and writing a pure-PHP polyfill of ext/sodium for legacy versions of PHP. (These are just two of the things that we're known for in the PHP community.)

So with all that in mind, let's take a quick look at Gossamer, our proposal for securing the software supply-chain for the PHP ecosystem.


The Latest From Our Security Team


Latest Security Advisory

CVE-2016-5726, CVE-2016-5727 - Simple Machines Forum - PHP Object Injection

There are several instances where data pulled from $_POST (i.e. inside a foreach loop) is passed directly to unserialize(). As a consequence, SMF is vulnerable to PHP Object Injection and possibly remote code execution.

Latest Code Audit Report

JPaseto Audit

Paragon Initiative Enterprises conducted a comprehensive code review of the JPaseto library and discovered one medium-severity vulnerability, which was promptly fixed.


We develop secure and dependable web-based solutions to help your business succeed.