Skip links
Send message

Building AI-powered tools and platforms? Let's talk about your next project.

hello@harborsoftware.com

X-twitter
scroll
Ship Production AI in 3-7 Weeks | Harbor Software

Blog

Glass container about to overflow with pressure gauges reading red

Load Testing AI Applications: Unique Challenges and Solutions

Load testing a traditional web application is well-understood: generate a realistic traffic pattern, measure response times and error rates at increasing load, find the breaking point, optimize. Load testing an AI application is a different beast entirely. The response times are orders of magnitude longer
Team standup meeting looking at security audit report on TV screen

Building a Security-First Development Culture

“Security is everyone’s responsibility” is a platitude that produces no behavioral change. I have heard it at every company I have worked at, and at most of them, security remained the security team’s problem (if there was a security team) or nobody’s problem (if there

Secrets Management in Production: Beyond Environment Variables

Every production application has secrets: database passwords, API keys, TLS certificates, signing keys, encryption keys. The most common approach to managing these secrets is environment variables, and for many teams, the journey ends there. .env files in development, environment variables in CI, and deployment platform

Code Review Culture: What Makes a Review Actually Useful

After reviewing approximately 3,000 pull requests over the past six years, I am convinced that most code reviews are performative. The reviewer skims the diff, leaves a comment about a variable name, approves, and moves on. The author addresses the naming nit, merges, and ships
Corridor of identical doors with different colored keycard readers

Authentication Patterns for Multi-Tenant SaaS Applications

Multi-tenancy adds a dimension to authentication that single-tenant applications do not have: you must not only verify who a user is, but also which tenant they belong to and what they are authorized to do within that tenant. Getting this wrong leads to the most
Developer alone at desk late at night with alert dashboards on multiple monitors

How We Handle Incident Response as a Small Team

Harbor Software has eight engineers. We do not have a dedicated SRE team, a 24/7 NOC, or a VP of Incident Management. What we do have is a structured incident response process that has successfully handled 23 production incidents over the past 18 months, with

Integration Testing Strategies for Microservice Architectures

Microservices solve organizational scaling problems and create testing nightmares. When your application is a single deployable unit, an integration test can boot the whole thing, exercise a user journey, and verify the result. When your application is 15 services communicating via HTTP, gRPC, and message
Chain link made of glowing code with one red cracked link

Supply Chain Security for Modern JavaScript Applications

The average JavaScript application has 1,200 transitive dependencies. When you run npm install on a fresh Next.js project, you are trusting code written by roughly 800 individual maintainers, many of whom are anonymous, unpaid, and maintaining their packages in their spare time. The event-stream incident
Fishing net catching glowing red bug particles against dark background

Writing Tests That Actually Catch Bugs

Most test suites are theater. They pass, the CI badge is green, everyone feels good, and then a customer reports a bug that slipped through 400 tests without triggering a single failure. After eight years of writing tests across ML platforms, SaaS products, and security
Explore
Drag