We recommend and offer security vetting services for commercial software vendors about to release closed proprietary products that include role management and/or encryption features.  A client can make use of such services to inexpensively ‘road-test’ the security features of an application prior to commercial release. 

It is becoming much more common for closed source products to be widely and even publicly alpha-tested, and we encourage this, but there is still a role to be played for dedicated external security testing. 

We typically price this service such that fees are only applicable when security flaws are discovered and documented.
 
Microsoft is a prior user of this service, having contracted our services for an earlier version of Microsoft Access.