Two Years and Counting: Evisort's Journey with Inspectiv
Intro: Evisort is the first Artificial Intelligence (AI)-powered contract management platform. It provides visibility into any document. More importantly, it reduces the risk to those documents by using AI to increase the speed and accuracy of contract review. Therefore, they need to ensure that their platform, which holds sensitive client data and documents, remains secure as they release new features to streamline workflows and elevate the collaboration amongst clients relying on their platform.
What started as a group of lawyers and data scientists developing legal algorithms out of the Harvard Innovation Lab has grown into a leading legal tech provider with industry-defining technology servicing global titans like Microsoft and the Bank of New York Mellon. And their commitment to pushing the envelope on AI innovation and legal technology has only solidified.
Evisort's journey with Inspectiv began mid-2019 when at that point, they were a seed-stage company. Evisort’s CEO, Jerry Ting, was keenly focused on protecting the sensitive data they processed for their clients, and decided to invest in a hardened attack surface from the onset of development.
Initially, their focus was on any sensitive data that could be accessed on their servers. Further attention revolved around whether any security vulnerabilities could be exploited throughout their platform, or if secret keys were somehow published to the web. Ensuring no customer exposure, through many attack vectors, was their highest priority.
Evisort enlisted Inspectiv to perform crowdsourced vulnerability testing. As a bug bounty platform, Inspectiv has thousands of vetted security researchers that continuously test for, and report, application-based security vulnerabilities. Researchers identify any security flaws or sensitive exposures that put systems or client data at risk, and Inspectiv’s triage team confirms the validity and impact of all reported threats.
Evisort's program began in a private mode with only a select group of hand-picked researchers testing their platform, and has matured to a public format where anyone with an Inspectiv profile can test their security and receive a reward for doing so. "Inspectiv's researchers continually demonstrate their ability to find complex vulnerabilities, which makes us stronger as a result. We have them to thank for protecting the data of our clients."
Through two years of bug bounty testing with Inspectiv, Evisort has shown their clients and investors alike just how difficult it is for a motivated group of individuals to identify any security concerns on their platform. The ability to demonstrate that Evisort removed risks across their attack surface helped them secure Series A funding in late 2019, and a Series B in February 2021.
Jerry Ting touts Inspectiv's community of researchers for their continued ability to provide visibility into the risk across his platform, and the Inspectiv triage team for always guiding their engineers through remediation. "Inspectiv has constantly expanded the pool of researchers testing our platform, and we've grown from handfuls of researchers submitting findings to now being open to the entire community testing the security of our platform. Any time a finding is disclosed, Inspectiv's triage team gives superb guidance on how to remediate the flaw, which cuts down our time that flaws exist in production.".
Investing in finding flaws and vulnerabilities in your user interface through external testers is an essential aspect of Dynamic Application Security Testing (DAST), working in perfect combination with internal security testing. Hackers, good and bad, think outside of the box when experimenting with any application’s existing controls, and we’ve seen time and time again that partnering with the white hat hacking community has returned immediate risk reduction across attack surfaces of all levels of maturity.