
WHY ROLLING SUBSCRIPTION? THE ECONOMICS OF LIVING TOOLING

April 17, 2026 | security, pentester, business

People ask why Lateralus Pentester is a rolling subscription at $25/month rather than a one-time purchase or a versioned release with annual updates. The short answer: the threat landscape doesn’t have versions. Your tooling shouldn’t either.

The longer answer follows.

CVE VELOCITY IS ACCELERATING

In 2020, NVD published approximately 18,000 CVEs. In 2025, that number exceeded 29,000. The rate of critical vulnerabilities with public proof-of-concept code is also increasing. The window between CVE disclosure and weaponized exploitation is shrinking — measured in days for high-profile vulnerabilities.

A versioned pentesting tool that releases quarterly cannot keep up with this. By the time you’re running v2025.Q1, three months of critical CVEs have been disclosed that your tool doesn’t know about. You’re testing against last quarter’s threat model.

Lateralus Pentester pushes CVE database updates weekly. High-severity CVEs with confirmed public PoC get expedited pushes within 72 hours of disclosure. The vuln module always reflects the current threat landscape, not a historical snapshot.

// This call always uses the current CVE database
// -- no manual updates, no stale data
let findings = services
    |?> vuln.assess(cve_db: "latest")

Here "latest" means the most recent sync, which is never more than 7 days old. You can also pin to a specific database snapshot for reproducible audit trails:

// Pin to a specific date for reproducibility
let findings = services
    |?> vuln.assess(cve_db: "2026-04-15")
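The reproducibility point above is worth making concrete: an audit trail should record the snapshot that was actually used, never the string "latest". The following is an added example, not Lateralus code; it assumes a small catalogue of dated snapshots with file digests (constructed here, as are the placeholder CVE ids) and applies the post's rule that "latest" must come from a sync within the last 7 days.

```python
"""Resolve a cve_db reference ("latest" or a pinned ISO date) to one concrete
snapshot and record its hash for the audit trail.

Added example, not Lateralus code: the catalogue, file contents and CVE ids
below are constructed placeholders; the 7-day freshness rule is from the post."""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta

MAX_LATEST_AGE_DAYS = 7  # "latest" must come from a sync in the last 7 days


@dataclass(frozen=True)
class Snapshot:
    synced_on: str  # ISO date of the sync
    sha256: str     # digest of the database file, so the audit can be replayed


# Constructed stand-ins for three weekly database files (the ids are
# placeholders, not real CVEs).
SNAPSHOT_FILES = {
    "2026-04-01": b'["CVE-0000-0001"]',
    "2026-04-08": b'["CVE-0000-0001","CVE-0000-0002"]',
    "2026-04-15": b'["CVE-0000-0001","CVE-0000-0002","CVE-0000-0003"]',
}
CATALOGUE = [Snapshot(d, hashlib.sha256(f).hexdigest()) for d, f in SNAPSHOT_FILES.items()]


def resolve_snapshot(cve_db: str, today: str, catalogue=CATALOGUE) -> Snapshot:
    """Map "latest" or a date to a snapshot; refuse a stale "latest" rather
    than silently assessing against old data."""
    if cve_db == "latest":
        newest = max(catalogue, key=lambda s: s.synced_on)  # ISO dates sort lexically
        age = date.fromisoformat(today) - date.fromisoformat(newest.synced_on)
        if age > timedelta(days=MAX_LATEST_AGE_DAYS):
            raise RuntimeError(
                f"newest snapshot {newest.synced_on} is {age.days} days old; sync first")
        return newest
    for snap in catalogue:
        if snap.synced_on == cve_db:
            return snap
    raise LookupError(f"no CVE snapshot for {cve_db}")


def verify_snapshot(data: bytes, snap: Snapshot) -> bool:
    """Check the database file actually matches the catalogued digest."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), snap.sha256)


def audit_record(cve_db: str, today: str, finding_count: int) -> dict:
    """What to write into the report so the assessment can be reproduced later:
    the resolved date and digest, never the string "latest"."""
    snap = resolve_snapshot(cve_db, today)
    data = SNAPSHOT_FILES[snap.synced_on]
    if not verify_snapshot(data, snap):
        raise RuntimeError(f"snapshot {snap.synced_on} failed integrity check")
    return {"cve_db": snap.synced_on, "cve_db_sha256": snap.sha256, "findings": finding_count}


if __name__ == "__main__":
    print(audit_record("latest", "2026-04-17", finding_count=3))
```

The design choice is that a stale "latest" is an error, not a warning: a weekly-synced tool that quietly runs on a month-old database is exactly the "last quarter's threat model" problem the post describes, and the report should carry the resolved date and digest so a reviewer can re-run the assessment against the same data.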

EVASION SIGNATURES HAVE A HALF-LIFE

EDR and IDS vendors are watching the same tools we are. When a new evasion technique gets published, detection signatures follow within weeks. An evasion module that worked in January may be detectable by March. This is the core adversarial loop of offensive security: techniques get developed, detected, and then evolved.

Under a versioned model, you buy the tool, it has the evasion techniques current at release, and then those techniques gradually go stale as defenders update. By the end of a 12-month license cycle, some subset of the evasion capabilities is flagged by common EDR products.

Under the rolling model, evasion updates push continuously — not monthly, but as needed. When a significant detection signature update lands from a major EDR vendor, a corresponding bypass update lands in Lateralus Pentester within days.

The evasion module is the part of the toolset that benefits most from continuous delivery. Evasion is inherently adversarial and time-sensitive. Subscribers get the current state of the art. Past subscribers who stopped paying get increasingly stale evasion capabilities.

CLOUD APIs CHANGE CONSTANTLY

AWS, GCP, and Azure all have continuously changing APIs. IAM permission sets get new capabilities. New services launch with new attack surfaces. Service Control Policy behavior changes. The cloud attack surface is not static.

The cloud module gets monthly drops that add coverage for new services and update existing checks to reflect API changes. This is maintenance work that would be unreasonable to bundle into a quarterly release cycle without significant lag.

WHAT $25/MONTH ACTUALLY FUNDS

I want to be transparent about this because I think opaque subscription models are a red flag. Here’s what you’re funding:

At $25/month, this is roughly the cost of a lunch with a colleague once a month. For the hours saved on report generation alone in a typical engagement, it pays for itself on the first use.

THE NO-BREAKING-CHANGES POLICY

A rolling update model is only useful if updates don’t break your existing workflows. The worst outcome would be: you spend a day writing a perfect pipeline for your quarterly assessment, an update ships, and the pipeline no longer works.

Lateralus Pentester has an explicit no-breaking-changes policy for all module public APIs. Function signatures are stable. The Finding, ScanResult, Host, Port, and Session struct schemas are stable. Updates may add fields to structs (backwards compatible), add new functions to modules (backwards compatible), and update the behavior of existing functions (when the existing behavior was wrong).

The only exception: security-critical behavior fixes. If a module has a bug that causes it to miss findings or mis-classify severity, that gets fixed even if fixing it changes output. This will always be documented in the update notes with migration guidance.
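The policy above has a consumer side too: a pipeline written against the Finding struct should tolerate fields an update adds, but stop loudly if a field it relies on disappears or changes type (which, per the exception just described, can happen in a documented security-critical fix). The following is an added example, not Lateralus code; the post names the Finding struct but not its fields, so the schemas and sample records are constructed.

```python
"""Check that a new struct schema only extends the old one, and validate
findings so a pipeline tolerates added fields but fails loudly on removed or
retyped ones.

Added example, not Lateralus code. The Finding schemas and sample records
below are constructed; only the struct name comes from the post."""

# Schemas map field name -> Python type. FINDING_V1 is the assumed baseline.
FINDING_V1 = {"host": str, "port": int, "cve": str, "severity": str}
# An additive update: two new fields, nothing removed or retyped.
FINDING_V2 = {**FINDING_V1, "cvss": float, "evidence": str}
# A breaking update: "port" retyped to str and "severity" dropped.
FINDING_BREAKING = {"host": str, "port": str, "cve": str, "cvss": float}


def compatibility_issues(old: dict, new: dict) -> list:
    """Every way `new` breaks a consumer written against `old`."""
    issues = []
    for name, typ in old.items():
        if name not in new:
            issues.append(f"removed field {name!r}")
        elif new[name] is not typ:
            issues.append(f"retyped field {name!r}: {typ.__name__} -> {new[name].__name__}")
    return issues


def is_backwards_compatible(old: dict, new: dict) -> bool:
    return not compatibility_issues(old, new)


def added_fields(old: dict, new: dict) -> list:
    """Fields the new schema adds; these are allowed under the policy."""
    return sorted(set(new) - set(old))


def validate_findings(records: list, schema: dict) -> list:
    """Return the records that satisfy `schema`. Unknown extra fields are
    accepted (an update may have added them); a missing or mistyped required
    field raises so the pipeline stops instead of silently dropping findings."""
    for i, rec in enumerate(records):
        for name, typ in schema.items():
            if name not in rec:
                raise ValueError(f"record {i}: missing required field {name!r}")
            if not isinstance(rec[name], typ):
                raise TypeError(f"record {i}: field {name!r} should be {typ.__name__}")
    return records


# Constructed sample output from a newer tool version: an extra "cvss" field
# is present; the CVE ids are placeholders, not real CVEs.
SAMPLE_FINDINGS = [
    {"host": "10.0.0.5", "port": 443, "cve": "CVE-0000-0001", "severity": "high", "cvss": 9.1},
    {"host": "10.0.0.9", "port": 22, "cve": "CVE-0000-0002", "severity": "medium", "cvss": 5.3},
]

if __name__ == "__main__":
    print("v1 -> v2 issues:", compatibility_issues(FINDING_V1, FINDING_V2))
    print("v1 -> breaking issues:", compatibility_issues(FINDING_V1, FINDING_BREAKING))
    print(len(validate_findings(SAMPLE_FINDINGS, FINDING_V1)), "findings accepted")
```

Run the compatibility check against the update notes before the assessment, and the record validation at the top of the pipeline: the first tells you whether an update touched anything you depend on, the second guarantees that a mis-parsed finding fails the run rather than vanishing from the report.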

INSTALLING AND UPDATING

// Install Lateralus Pentester (requires active subscription)
lateralus install pentester

// Check what version you have
lateralus pentester version

// Sync to latest without running an engagement
lateralus pentester sync

// Or just run an engagement -- it syncs automatically
let findings = scope |> recon.discover_hosts() |> ...

Updates happen automatically at the start of each engagement if you’re online. If you’re running air-gapped, lateralus pentester sync --offline generates an update bundle you can transfer manually. This matters for engagements where your box can’t reach the internet during the assessment.

CANCELLATION

If you cancel, you keep the version you have. CVE database updates stop. Evasion updates stop. New module drops stop. The pipeline files you’ve written continue to work with the version you have until an OS-level incompatibility forces an upgrade. No data hostage, no forced migration.

You can also pause rather than cancel if you have a gap between engagements. Paused subscriptions don’t bill but also don’t receive updates. Resume when you need current tooling again.

Subscribe at lateralus.dev/pentester. $25/month. Questions: wizard@lateralus.dev.