VendorRisk Blog

Trust Guard, Apache & Rails

vr_admin — Tue, 06 Jul 2010 18:59:34 +0000

We recently added the Trust Guard service to VendorRisk.com. As part of the package we purchased, Trust Guard scans our server each day looking for vulnerabilities. On the first scan, it found 4 “medium risk” issues that had to be resolved in order to pass PCI compliance. Here are the issues and what we did ...

New pricing plans

vr_admin — Mon, 03 May 2010 14:18:46 +0000

Over the weekend we released a new version of vendorrisk.com, our vendor management software. Along with a new look-and-feel to the brochure site, we also revised the pricing plans. Originally we had three monthly plans — Bronze, Silver and Gold — that differed by the number of vendors and the disk space allocated to file ...

Round-up of new features

vr_admin — Wed, 24 Feb 2010 20:56:19 +0000

We’ve been pushing out new versions of vendorrisk.com several times a week since we launched in early December. The following are some of the highlights: Charts tab — over 30 charts have been added. Each chart is available in both pie and column formats and generated in real-time. Import contacts from Outlook – to expedite data input, ...

Highrise integration added

vr_admin — Tue, 02 Feb 2010 19:32:09 +0000

We pushed a new version of VendorRisk.com live today that includes integration with Highrise, the popular CRM app from 37signals. If you have an account on Highrise, you can go to the “Highrise integration” link in your VendorRisk admin section and enter your Highrise domain and API key. Once saved, you can use the subsequent link ...

Vendor Management Interview with IT Director of a Bank

vr_admin — Tue, 26 Jan 2010 22:19:58 +0000

Bill Kane is the Director of IT at Boston Private Bank & Trust Company. A few years ago, we developed a vendor management application for the bank’s use, which later became the basis for VendorRisk. We asked him a few questions about their rationale for establishing a vendor management strategy and how the application has ...

Rails, authlogic and password history

vr_admin — Mon, 28 Dec 2009 21:25:07 +0000

vendorrisk.com client sites use the excellent Authlogic gem to handle user sessions. As we mentioned in the previous blog article, we recently added the ability for site admins to declare that users cannot use a password they've used in the past. After a bit of Googling, I didn't see any solutions out there for dealing with this issue, so we rolled our own. Here's how we went about it...

New password enhancements

vr_admin — Sat, 26 Dec 2009 18:52:31 +0000

In his article entitled "How to use Software as a Service securely", author Phil Cox describes how SaaS providers need to better enforce password restrictions to aid in preventing unauthorized access to the application. When we first launched VendorRisk.com, we had the following criteria in place...

Mobile version now available

vr_admin — Mon, 21 Dec 2009 21:37:21 +0000

Over the weekend (blizzard = productivity), we pushed the first iteration of a mobile version of the VendorRisk application. If you access your site from a mobile device, you’ll be given a very low-bandwidth version (no JavaScript, no images, little CSS, no color scheme) of your site. Once you login, you have access to your ...

New module: Hardware

vr_admin — Mon, 21 Dec 2009 21:11:40 +0000

When we first developed VendorRisk.com, we had modules for Services and Software, as that’s what the original client required. When we showed it to several other people, their reaction was “That’s great, but where’s Hardware?” Touche. Over the weekend we added it to the site. There is now a tab up top for Hardware, which has ...

Fun with Rails A/B testing

vr_admin — Sun, 20 Dec 2009 18:25:29 +0000

When we launched VendorRisk.com a few weeks back, we added a very simple A/B experiment to test which sign up call to action worked better. The first two options we chose were “View plans and pricing” and “Try free for 30 days!”. We assumed that the latter would perform better because it sounded more enticing ...