In the fall of 2024, our MiniTravel team unexpectedly faced a serious problem. An internal audit revealed that several key microservices were using outdated libraries with known vulnerabilities. Any of them could have become an entry point for an attack, while manual updates took up to two weeks, required significant team effort, and still didn’t guarantee stable service operation afterward.
“We understood that every day the vulnerabilities remained in production, the risk grew. We needed a solution that would not only close the gaps but also do so quickly and without downtime,” recalls MiniTravel’s CTO.
In October, we connected TuxCare to three key services: SearchService (hotel and tour search), PricingService (fare aggregation), and BookingService (reservations). The system automatically scanned all dependencies, detected vulnerable libraries, selected safe versions, rebuilt the services, and ran tests that fully replicated real user scenarios. All of this happened without interrupting the platform’s operation.
Within the first two weeks, TuxCare resolved three critical vulnerabilities:
In the search module — an update to the request-handling library closed a breach that could have led to customer data theft.
In the pricing module — the elimination of an SQL injection risk that could have affected price calculation accuracy.
In the booking module — an update to the gRPC client that prevented potential DoS attacks.
The response time to critical vulnerabilities dropped from 10–14 days to 3 hours. This means the potential attack “window” was reduced by nearly a factor of 100. We estimated that each prevented incident could have cost the company from 500,000 $ to 1.5 million $, considering possible booking cancellations, partner penalties, and platform downtime.
“In the first month of using TuxCare, we avoided at least three major disruptions that could have led to multimillion-ruble losses. Now we’re confident that we can patch vulnerabilities the same day without disrupting system operations,” emphasizes MiniTravel’s CTO.
Today, TuxCare is our main security tool. We see all vulnerabilities in one interface, and fixing them has become as quick and safe as installing a routine app update on a smartphone. This has saved dozens of man-hours for the team and protected the company from potential losses that could be critical for small and medium-sized businesses.
