We launched a new admin panel for the Buy-Back Guarantee program. You can now search guarantees, issue refunds and update addresses
We imported all old FetchReport reports (from before 2015) and made it easy for members to claim reports that they uploaded using a different email address
We added a new My Education Records dashboard that makes it easier for members to access and understand their records
Record Locators are codes that look something like — this 12-character (although sometimes longer) code will make it a lot easier for our members to refer to things in a way that is easy for us to look up. Right now, the Buy-Back system is the only thing using record locators, but expect to see them popping up more in the near future.
Our hope is that these codes will make it a lot easier for staff to provide support to members (“Can you tell me the record locator? It’s listed at the bottom of the page.”).
This most recent release was a return to our normal development workflow. Most issues related to security and the exam have been addressed. We’re running a public beta of the exam and all the new security features are live and working well.
Items completed during this cycle:
Prep work for updating the exam admin system
Prep work for launching the Spanish version of the online exam
Updated and improved the online affidavit
Bug fix for password reset functionality
Added a “trusted host” configuration as a result of a report from our bug bounty program
Improvements to the two-factor authentication system
Published an updated version of our training card app
Improvements to multi-inspector admin tools
Updates to insurance application
Updates to health insurance portal
Added “special interest” chapters to the chapter system
We also saw a lot of interesting feedback from the bug bounty program that was launched in the previous two-week cycle. We received 28 bug reports in total. Of those, 18 we rejected (many of them were not legitimate bugs) and 7 resulted in us fixing a bug and paying a security researcher. One of the bugs that we paid out resulted in us submitting a patch to the underlying software (the bug wasn’t in our software, but instead in a very popular open source project). All-in-all, the bug bounty program has been very helpful in finding potential issues before they become real concerns.
During this development cycle we were made aware of a potential security breach. We ended up spending nearly all our time investigating, mitigating, and implementing fixes related to that:
All application keys were changed
Two-factor authentication was added
Better password security rules were added
New login checks were added to prevent someone from logging into a staff account without explicit approval
Moved the vulnerable application to an entirely separate server with very strict restrictions applied
We also completed some of the planned work for this cycle:
Prep state roster files for convention attendees
Allow coupon codes that are less than 10 characters long
This development cycle was almost entirely dedicated to the new online exam system. Much of the work during this period stretched into future cycles. That work, plus some other non-exam items:
Improved “unit testing” to ensure that the exam system works as expected
Added browser tests that automate running thru an exam to ensure that everything works in different browsers
Added a “component library” so that developers and quickly pull in UI components where needed
Finalized the online exam UI to get it “beta-ready”
Improved webinar system to allow for more registrants
Audited exam security and added additional checks
Added a delay for submitting the same address to the Buy-Back program to help prevent double-submissions
Added a way to look up specific inspectors by name (rather than just searching by location)
Much of the work in this development cycle was laying the groundwork for multi-inspector changes. On top of that, there were a handful of other changes:
Imported Spanish translations for the Online Inspector Exam (this is in preparation for adding a Spanish option, which is not yet live)
Improved the way we display events on the site
Texas Convention prep work
Send students an email confirmation when they submit an essay
Addressed “past due” notices showing incorrectly for a small subset of members
Rearranged the company dashboard for multi-inspector companies
Most of the work in this development cycle was around the new exam system. We laid much of the groundwork and structure, and set up a roadmap for releasing the new exam system. A few other small fixes and changes:
Updated videos and COVID notice on homepage
Fixed an issue with the gallery when a category had no images yet
Fixed our asset pipeline to address issues members were having when browsing the site in Google Chrome