Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Bitsight is moving fast, but we don’t want to sacrifice code quality for speed, which is why tests have always played an important role in our development process. Although we are not doing TDD (test-driven development), one of the key requirements for doing test-heavy development is that the full test suite should be fast. If running all tests takes less than 5 minutes, developers are more likely to run them frequently and keep adding more tests. However, Bitsight's portal application is a bit of a monolith and takes longer than we would like to run test suites.
As the Bitsight front-end team grows, we are investing in our design infrastructure to enable faster development, better collaboration, and a more unified look and feel in our product.
A few months back we added a new feature to the heart of our security ratings portal: the ability for users to not only filter companies in their portfolios, but also to see real-time updated counts of how many "filtered" companies match their selected filter criteria. In practice, this allows users to quickly see, for example, all of their vendors in the Technology or Finance industry with an IP footprint in the U.K. or Germany that use Amazon or Google as service providers.
Due to security, reliability, and growth reasons, organizations are constantly upgrading their software to newer releases. Some upgrades are incremental and minor in nature. Others, like the upgrade from Django Rest Framework (DRF) V2 to V3, require coding changes due to incompatibilities between the releases. This article is about Bitsight's upgrade experience, lessons learned, and how we improved because of it.
For the second year in a row, Bitsight gave its engineers, product managers, and data and research scientists the day off from normal work to make something cool. The hackathon day had all the typical stuff: awesome custom-designed t-shirts, pizza for lunch, and a demo day the next day. The only “requirement” for teams was that they produce a working prototype to demo. We wanted actual code (not great code, necessarily, but code), not just design mocks.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as Team Lead, his experience, and more.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about his role as an engineering director, his experience, and more.
Want to know what it’s like to be an engineer at Bitsight? Check out this Q&A with a member of our engineering team to learn about her role as a software engineer, her experience, and more.
Bitsight recently completed a reorganization of a large part of our Single Page Application (SPA) code. Our goal was to make our codebase more scalable and developer-friendly by adding a few simple rules for where different parts of the application should live. In this article, I’ll describe what we left the same, what we changed, and how we did this while continuing to ship features on time.
Read this Q&A with a member of Bitsight’s engineering team to learn about his role as a front-end developer in our Lisbon office, his experience, and more.
Want to know what it’s like to be an engineer at a fast-growing start-up? Check out this Q&A with a member of Bitsight’s engineering team to learn about his role as Engineering Manager, his experience, and more.
Check out this Q&A with a member of Bitsight’s engineering team to learn about his role as a Senior Test Engineer at Bitsight, his experience, and more.
Spend any time in web development and you will be struck by the daunting pace at which the technology landscape changes. The must-have technologies of today quickly become the legacy spaghetti code of yesterday. In some cases, adopting new technology is as simple as adding a new library. Other times, large-scale architectural changes need to be made. For those looking to move from traditional server-side MVC apps to newer client-side single-page apps, the migration path is neither easy nor clear-cut.
This is the final entry in a three-part series on Bitsight’s new Event Store. In the first and second posts, we described some key components of the architecture. Because of the limited number of access patterns we had to support (bulk inserts, mostly in chronological order; full scans, coarsely filtered by key range and time), we were able to implement a simple NoSQL-style database, using flat Parquet files on Amazon’s S3 as the storage layer.
by Nick Whalen and Ethan Geil