ERPScan founder denies US sanctions in open letter to customers

Alexander Polyakov: 'We have nothing to do with Russian Federal Security Service'

Alexander Polyakov, the founder and chief technology officer of security services firm ERPScan has denied having any links with Russia's Federal Security Service (FSB).

Polyakov was commenting after the company was named as one of five sanctioned by US authorities earlier this week.

In a statement released last night, though, Polyakov said that the company would fight the claims and flatly denied any connection, not just with the FSB, but any other government agency.

He wrote: "We have always tried to avoid any political issues and [stay] outside of political events. Now, we regret such an unjust move towards us. Nevertheless, we will pursue our goals related to cybersecurity and develop other markets in more than 35 countries where we operate.

"In fact, it is unfortunate that American companies will not have a competitive market in the ERP Security field, turning our main US competitor into a monopolist without any incentive to innovate."

ERPScan is a penetration testing company that focuses primarily on finding security flaws in major enterprise resource planning (ERP) software packages. As such, it has working relationships not just with Germany's SAP, but also Oracle, Microsoft, IBM and other major software vendors. The sanctions may call into question these links.

"We [have] helped multiple software companies such as SAP, Oracle, Microsoft, IBM, etcetera make their systems secure by identifying security issues and contribute to fixing of more than 600 vulnerabilities in their products always following responsive disclosure and supporting research community.

"We shared our research at over 100 security conferences in more than 30 countries in all continents. Yes, some of our researchers were born in Russia. The point is that this fact is applicable to most of the world's IT companies. We are sorry, we can't change it as well as we can't change the political situation. However, we are able to change the world by making it better and more secure as we did.

"We will proceed to help protect critical SAP and Oracle software from cyber attacks, and it doesn't matter what has happened. All our offices except the one located in the US will operate maintaining our course, and we will continue to fulfil all obligations while working with our partners and customers to produce the most innovative products and secure SAP and Oracle systems."

It remains to be seen, though, whether US authorities accept Polyakov's appeal, and whether existing customers continue to user ERPScan's services, or are scared off, either by the threat of sanctions themselves or by the US Department of Commerce allegations.