Faster Than Light

We run security tests on code 1000x faster than any competitor

Follow Faster Than Light to be notified if they later decide to raise funding.

Highlights

1
CTO cofounded and sold Vindicia for $115M. CEO helped launch Everyday Health (IPO) and Brave ($35M ICO).
2
Made $325K+ in revenue in our first year. Achieved product/market fit with FinTech startups. We built BugCatcher to automate that work.
3
Backed by Techstars London & AI Seed. 1200+ companies applied to Techstars London & only 10 were accepted.
4
Admitted to the Creative Destruction Lab, highly selective program in Toronto for Deep Tech startups worldwide.

Our Team

Elissa ShevinskyCEO
Launched several successful startups since 1999 - Geekcorps (acquired), Everyday Health (IPO), Daily Steals, and Brave ($35M ICO.) Skills: Building developer communities, Shipping security products, Sales.

Developers want to write high quality, secure code. But no one wants to spend hours doing configuration and waiting for tests to run! We built this tool to make testing easier for developers. Then we realized that it solves an even bigger problem for people with large codebases (growing startups, consultants and large enterprise companies.)

Brett ThomasCTO
Protected 200M+ credit cards as CTO and Co-Founder at Vindicia. Sold Vindicia for $110M to AmDocs. Previously built eMusic (sold to Universal.)

Our First Product: BugCatcher

Below is a screenshot from the web application. It's easy to run a test. Those tests are stored in your account, so it's easy to view past results.

Completed tests can be downloaded on JSON or in a beautiful PDF report. The PDF report is useful for sharing with a manager or teammate. We would create reports similar to this as security consultants for cryptocurrency startups.

BugCatcher reports are well organized, and easy to read. We show the highest priority bugs first, at the top. (Many tools show the bugs in the order that they were found, which is less helpful.) 



What Makes BugCatcher special?

It takes most companies with a large code base 8-10 hours or more to complete their security scans. Some companies solve this by just doing less scans, or not running these tests at all. This comes with some security risk. There were 3,813 data breaches reported in the first six months of 2019, according to a report by Risk Based Security. That report details how most of those hacks, impacting both large and small companies, happened because companies failed to implement basic security best practices.  In one case,  American Medical Collection Agency is filing for bankruptcy following an expensive data breach. 

 Most Fortune 1000 companies aren't willing to cut corners on information security, so they simply deal with the bottlenecks and expenses that come with following best practices.

BugCatcher solves this problem, by running these scans in 15 minutes or less. 

How do we do it? Traditional software scanning tools (think of Veracode or Sonarqube, or open source tools like Pylint or PyTest) scan files one at a time. That's why the tests take so long to run. If there are 999 files, each of those files has to wait for its turn to be scanned. BugCatcher uses a revolutionary, innovative, proprietary process to scan multiple files at the same time. (We do this by running the scans inside Docker containers, inside AWS, for those interested in more technical details. For a technical deep dive, message Elissa @ fasterthanlight.dev to set up a chat with the CTO or member of the dev team.)  


How much money can we make, as we bring this technology to market? The pricing page for Sonarqube's parent company, Sonarsource, is relevant here. It's common for enterprises to do pilot programs for $10k  - $100k for testing software. It's also typical for the leading testing companies to do annual on-premise contracts (meaning that the enterprise companies are running the software on-site, rather than relying on AWS or Google to host the software) for over $500K. Pricing is based partly on the size of the code base.

For developers: BugCatcher is built on top of existing open source tools. It's free, and it's very fast to sign up. Just go to the BugCatcher website, click for Google authentication, and you're in! Developers can either use our beautiful web interface or our CLI tool. 

The free tier of BugCatcher currently supports Python and Java. This tier is most useful for developers, open source projects and small businesses. 

But How Good are Our Tests? Very good!

In truth, our tests are currently EXACTLY as good as the leading open source tests. That's because we built on top of open source tools like Bandit and Findbugs. Our results are exactly as good as the leading open source tools (which are widely regarded to be excellent.) These tools take a long time to set up. That's extremely frustrating for junior developers.  Even senior developers can struggle with getting open source testing tools up and running, as there can be any number of reasons why set-up won't complete. (It could be that the project is undergoing maintenance, or that the tools require the latest versions of certain software packages etc.) BugCatcher eliminates the frustration and the time spent setting up and configuring these tools. And we offer this free of charge to the developer community. We hope that the community finds this useful!

But excellent test quality isn't good enough. One of the leading complaints about static analysis tests are that they have too much noise. This is similar to the experience of using Grammarly or Spellcheck. With Grammarly, the results are useful -  but there's so much noise to sort through. 

In the next year, we plan to collect data from customers about which security issues they consider to be highest priority. We're also going to gather data about which issues are the most frequent.  We can use this data to produce more accurate results in the future, specifically for FinTech companies. That's just one slice of the market but it's a huge slice.  The FinTech market is estimated to grow to USD 305.7 billion by 2023. Besides market size, it makes sense to start in FinTech because banks (and other companies handling funds) understand the importance of securing their code. The stakes are high, and so FinTech companies are prepared to spend the time and money on best practices.   

Getting to Product/Market Fit in 2018: Securing FinTech Startups

We got our start doing security scans and reports for Cryptocurrency startups, under the name Soho Token Labs. We've spent the last year automating that work, and the result is the BugCatcher software. We also changed our name to "Faster Than Light." This better reflects our focus on efficiency and speed for developers and companies.

Our first customer was a month long "audit" for the 0x project. The 0x project is one of the most highly regarded companies in the Ethereum space. They blogged about our involvement (you can see one such post here.) This was followed by several months working with The Graph

Most recently, we did an audit for Roll, whose tagline is "The New Standard for Social Money." Below is a testimonial from Bradley Miles, CEO at Roll: 

We were interviewing several firms to audit our codebase and it became clear pretty quickly that Elissa and her team were the best choice for the job. The entire process from start to finish was extremely simple. If you're building secure applications that intend to serve a wide audience, I'd highly recommend reaching out to Elissa.

Downloads

Overview