Oneteam Inc. is a Japanese startup whose eponymous collaboration tool is making businesses more productive. We recently caught up with the company’s lead engineer, Atsushi Nagase, to talk about why he started using VAddy and how effective he has found it to be.
Our company was founded in February 2015 around the idea of “making work fun.” In addition to advising businesses on how to work more productively, we currently offer two collaboration tools for improving productivity: Oneteam and Profilebook.
Our eponymous Oneteam product has a diverse set of features and thus doesn’t encounter much direct competition in the true sense of the word, though there are SaaS chat services that compete on a subset of Oneteam’s features as well as services that compete on data sharing features.
We’d like to share open-source culture with non-engineers, so our products tend to be used more often by companies that have a healthy mix of business planners, salespeople, and other professionals than by startups that have a high percentage of engineers.
Profilebook is built around the idea of increasing visibility among coworkers and is thus generally used by relatively large organizations whose employees don’t often get a chance to see each other.
We worked closely with one of our customers before releasing Oneteam’s open beta, improving the product based on feedback we gathered during this time.
In addition to providing feedback on the user experience, our closed beta customer’s security team also conducted a security audit of the product. By incorporating the security report’s suggestions into Oneteam, we were able to ensure that we released a secure product. At the time, we had a smaller development team and couldn’t devote a lot of time to security audits, so it was very helpful to have a good answer for customers who asked us whether we were running security tests.
Having personally spoken with the VAddy team at my previous job, I had heard of VAddy before and was able to immediately start evaluating it for use at Oneteam when my product manager, Kyohei, asked me about it.
We had considered several other security tools when we decided to sign up for an account with VAddy. Though VAddy’s unique selling proposition was its native continuous integration support, another deciding factor was the fact that VAddy has been developed and run by a Japanese company whose employees we could get to know in person.
We determined that we could easily budget $100 per month for the service. We use a lot of SaaS services from non-Japanese companies, so we weren’t put off by having our credit card charges denominated in U.S. dollars.
We develop our products entirely in-house with a staff of 15 engineers across a handful of teams responsible for—among other things—our API, website, and mobile apps (for both Android and iOS). We use CircleCI for continuous integration along with a mix of programming languages (ProfileBook is written in Ruby and Oneteam is written in Scala).
I and one of my coworkers took charge of setting up VAddy, but neither of us have really touched it since we hooked it into our continuous integration process. It’s comforting to see that green icon on our VAddy dashboard whenever we run a scan and no vulnerabilities are found.
We scan our applications with VAddy at the same time as we deploy our code (about twice a week). After we run our standard test suite on an application’s staging branch, we run VAddy’s Ruby client separately to scan for vulnerabilities using Circle CI.
Incidentally, we are also writing end-to-end tests in Nightwatch.js, but to be honest we find it difficult to continue maintaining these tests while writing new code. I think that the adoption of end-to-end testing will be limited by the adoption of quality assurance (QA) culture, so it would be nice to see QA companies raise more public awareness of this issue.
It’s not uncommon for large companies to ask us to fill out a security check sheet before agreeing to sign up for our service(s). One of the questions on this sheet is inevitably “Do you conduct continuous security tests?” Using VAddy, we can now confidently check the box for this one.
It’s difficult for a company of our size to hire a full-time security engineer. However, by using a tool provided by a company like VAddy that specializes in security, we have been able to confidently release a product that has been vetted by an experienced third party rather than relying entirely on our own internal security reviews.
When running a scan as part of our CI build process, I’d like to be able to check the results in real-time through VAddy’s web API. At the moment, you can’t see any results until after the scan has completed, but it would be nice to know exactly what is being scanned and how much progress has been made at any time during the scan.
Planning, developing and selling communication tools
Address:Daininakayama Building 5F, 3-11-5, Ginza, Chuo-ku, Tokyo, 104-0061, Japan