At Blueriq we care for quality of our product. Of course we have our unit tests and regression tests. Last week we also performed a penetration test (pentest). A pentest is an authorized simulated cyber attack on, in this case, our runtime system. The test is performed to identify both weaknesses or vulnerabilities, as well as strengths. We hired a security agency to do this and they spent three days searching for vulnerabilities and to try and hack our system. The result of this research is a vulnerability report with advise on where we can improve our security.
We can share good news with you, after three days of investigation no serious vulnerabilities were found. We have a few minor things we can improve, but overall the runtime was assessed to be secure. Of course, this doesn’t mean we can lean back now. The last few years we spent a lot of effort to come this far, and we’ll keep improving our platform. We are planning to have a pentest periodically to make sure we keep delivering a secure platform.
This pentest was performed on our platform with typical models that cover a lot of Blueriq’s functionality. As our customers want to make sure their security is on par as well, we teamed up with one of them. In the near future there will be a pentest conducted to assess how secure their Blueriq application is. We are looking forward to see those results.
As I mentioned in the beginning of this blog, we have several ways of testing at Blueriq. Even more testing methods are being used by our teams on the different Blueriq projects. Over the years we gathered useful knowledge and we decided that we want to share this knowledge in an internal knowledge session. However, as this might be useful for every Blueriq community member, we’re going to invite you for this session. Keep an eye out on your mailbox and the community, as the invite will be sent soon and there’s only a limited number of spots.
That’s it for this week. Please reach out to us if you have any questions.