This is an interview with Patchstack co-founder and CEO Oliver Sild originally posted on Website Planet. Read the original article written by Ditsa Keren here.
In the Patchstack interview for Website Planet Oliver talks about how Patchstack allows digital agencies and web developers to monitor and protect websites from third-party code vulnerabilities.
Read a short version of the interview below.
What sparked the idea of Patchstack, and how has it evolved so far?
Before founding Patchstack, I was running a digital agency where I got acquainted with the problem that we are solving today.
We were building websites using open-source content management systems like WordPress, Joomla, PrestaShop, and Magento, and were having a hard time keeping up to date with all the different plugins, themes, and widgets we were using on those websites.
So, we built an internal tool that would track down which of our customers have which versions of which software installed. Once we found a vulnerability somewhere, we’d make sure that none of the customers were affected by it.
Once we found a vulnerability somewhere, we’d make sure that none of the customers were affected by it.
– Oliver Sild
Like many other amazing products, it all started with a spreadsheet. Fast forward from there, we realized that we’re not the only digital agency or web developer-facing this issue.
Eventually, we decided to focus on that internal tool and build it into a product. That’s how Patchstack was born and it’s been a pretty interesting journey ever since.
In the beginning, we provided our service directly to website owners. In most cases, they had some developer who built the website for them, and they didn’t have the technical know-how required to update their plugins.
That was one of our earliest challenges and we set out to make everything as easy as possible for website owners.
Since then, we’ve shifted into a B2B model. We now provide technology services to developers and digital agencies, but we still keep that usability-first approach.
We recently rebranded as Patchstack and currently, it is used by over 40,000 developers all around the world and preventing up to 1 million attacks per month.
So how does Patchstack work?
Once you’ve signed up and added your websites, Patchstack will do all the configurations for you.
Then, on your dashboard, you’ll be able to see how many code components or plugins were installed on your website, which ones are outdated or vulnerable, and whether you have any other security issues on your websites.
If vulnerabilities are found, Patchstack will automatically apply virtual patches to your website. You can imagine it as firewall rules made specifically for plugins vulnerabilities.
It blocks the attack by patching the security issues in those plugins and filtering out any traffic that tries to exploit the website. This can help website owners to avoid malware infections, SEO damage, traffic diversion, and other damages that happen when you get hacked.
From thereon, reports are generated automatically to your email or Slack. Developers can share the reports with their clients via PDF to show them how they are keeping their website secure with Patchstack.
How do you source information about vulnerabilities?
Whenever a vulnerability is reported, our software automatically patches it so that even if someone tries to exploit the affected websites, they will not succeed.
Behind the scenes, we have the Patchstack Red Team, which is the community of cybersecurity experts who find and report those vulnerabilities to the database. You can compare it to HackerOne or Bugcrowd, where hackers are finding vulnerabilities within the software.
If they find anything, the owner of the software pays them for fixing it. In our case, it’s Patchstack who is paying the researchers directly. It’s an ecosystem all interlinked together.
Want to keep reading? Read the full original article here.