Trail of Bits vs NCC Group
Trail of Bits
Co-founded in 2012 by Dan Guido and headquartered in New York City, Trail of Bits combines academic-style security research with hands-on engineering. The firm is best known for advanced software assurance work across cryptography, AI/ML, blockchain, and low-level systems, and for releasing widely used open-source tooling such as the Slither smart contract analyzer.
Pros
- Strong academic and research-grade reputation with published peer-reviewed work
- Open-source tooling footprint including Slither, Echidna, and Manticore
- Recognised leader in smart-contract auditing for top-tier protocols
- Engineering depth that translates findings into custom defensive tooling
Cons
- Premium pricing; a limited bench means long lead times
- Highly specialised, not a fit for routine commodity pentesting
- No published price list; bespoke statements of work per project
Pricing: Custom (contact sales)
NCC Group
NCC Group was formed in 1999, when the National Computing Centre's commercial divisions were spun out. It is headquartered in Manchester and listed on the London Stock Exchange. With 2,000+ staff across the UK, North America, Europe, and APAC, the group operates technical assurance, managed services, and software escrow divisions and is a founding CREST member.
Pros
- Founding CREST member with deep accreditation across CHECK, CBEST, and TIBER-EU
- Recognised research output, including former Cryptography Services and Exploit Development Group
- Broad global delivery footprint with UK government-cleared consultants
- Combines offensive testing with MDR, IR, and escrow under one umbrella
Cons
- Public company under cost-discipline pressure with periodic restructurings
- Project-based pricing per engagement, no public rate card
- Breadth of services means specialist depth varies by region and practice
Pricing: Custom (contact sales)