Hacking for good
Through Tinfoil, Michael Borohovski ’09 and Ainsley Braun ’10 have commercialized scanning software that uses hacking tricks to find vulnerabilities in websites and alert developers and engineers who can quickly fix problems before sites go live.
Thousands of startups and small businesses, as well as several large enterprises, are now using the software. And around 75 percent of websites scanned have some form of vulnerability, Braun says. Indeed, a ticker on Tinfoil’s website shows that the software has caught more than 450,000 vulnerabilities so far.
“Our No. 1 goal is making sure we’re securing the Internet,” says Braun, Tinfoil’s CEO and a graduate of MIT’s brain and cognitive sciences program.
While at MIT, Braun and Borohovski ran with a group of computer-savvy students who extensively researched security issues, inside and outside the classroom. For his part, Borohovski, a lifelong hacker, took many classes on security and wrote his senior thesis on the topic of Web security.
Tinfoil started as an enterprise, however, when Braun and Borohovski reconnected in Washington after graduating, while working separate security gigs. As a hobby, they caught vulnerabilities in websites that required their personal information, and then notified site administrators.
“We’d get emails back saying they’d fixed the vulnerability. But we could exploit it again,” Braun says. “Eventually, we’d just walk them through how to fix it.”
When job offers started pouring in, the duo saw potential. “We said, ‘If people want to hire us to do this, then there’s a need,’” says Borohovski, Tinfoil’s chief technology officer, who helped build the firm’s software.
Returning to Boston, Braun and Borohovski founded Tinfoil, with the help of MIT’s Venture Mentoring Service, to launch the product. The startup has grown rapidly ever since: Recently, it partnered with CloudFlare, adding to a list of partnerships with Heroku, Rackspace, and others