Tag Archives: software

MJ Freeway’s Source Code Stolen & Published Online

By Aaron G. Biros
9 Comments

Portions of MJ Freeway’s source code were reportedly stolen and posted in Reddit threads as well as on Gitlab.com, a source code hosting website. On June 15th, the account “MJFreeway Open Source” was made on Gitlab.com, and portions of the source code were posted, but have since been taken down. Source code is essentially a list of commands of a program, the basis for making improvements and modifications to a software system. Source code can sometimes contain sensitive information. To be clear, MJ Freeway does not use an open source model; their source code is the basis of their traceability software. Open source is a tool that fosters public collaboration on software development, helping identify weaknesses or areas for improvement.

When asked to comment on the matter, MJ Freeway issued the following statement:

“Last week we discovered that someone had obtained an outdated portion of MJ Freeway’s source code. This incident has absolutely no impact on our systems or MJ Freeway services, and client and patient data is not at risk. While this theft poses no risk to our clients, patients, or business operations, we take any incident involving unauthorized access very seriously and have reported it to the Colorado Bureau of Investigation.

Unfortunately, it has come to our attention that our competitors are spreading inaccurate information about the incident, including baseless claims about SSL info and the potential for client data being compromised – neither of which is true. We encourage our customers to contact us directly with any questions they may have.

We follow or exceed all relevant industry security standards and are confident that we have the most robust security measures in our industry. None of our peers come close. However, we live in a world of determined cyber-criminals and we operate in a competitive environment. Success and size makes a company a bigger target for malicious actors, as other large companies also know. We will continue to investigate and take follow-up action as we learn more about this incident.”

On Sunday, June 18th, a user by the name of ‘techdudes420’ posted in the subreddit, r/weedbiz, a thread titled “MJFreeway goes open source.” The link for that post was the Gitlab.com page where MJ Freeway’s source code was published briefly. The same user then published a second reddit post the following day with the same link to the stolen code, but this time in the r/COents, a subreddit for the Colorado cannabis community. MJ Freeway is based in Denver. That post claimed the user found the stolen source code with a quick search and that the user was banned because of that. The moderator of the thread chimed in, saying they banned the user for posting the stolen code. “We received a takedown request from the software owner stating the code had been stolen and released without permission,” says the moderator. “After investigating the matter I reached the same conclusion and removed the thread.” The moderator then updated the comment shortly after: “Edit: As for OP [original poster] ‘finding’ the code, if that were true I don’t know why he or she would have created a new Reddit account just to post the link.”

In addition to their own cybersecurity analysis, a spokeswoman for MJ Freeway says they will be performing a third party audit and analysis this week as well. When that information becomes available, we will update this article.


Update: Multiple sources have reported that portions of MJ Freeway’s source code are still available online on torrent sites like PirateBay.

Biros' Blog

Washington Changes Course, Selects MJ Freeway as New ASV

By Aaron G. Biros
3 Comments

Two weeks ago, we reported on the State of Washington choosing Franwell as their apparent successful vendor (ASV) for their seed-to-sale traceability system contract. Late last week, the Washington State Liquor and Cannabis Board (WSLCB) sent out an email explaining that they are no longer going with Franwell and the new ASV is MJ Freeway.

The email (left) consisted of a letter sent by Peter Antolin, Deputy Director of the WSLCB, to licensees “who had written to the Board and staff regarding the marijuana traceability Apparent Successful Vendor and RFID tags.” Apparently, the reason behind switching the ASV to MJ Freeway is because Franwell’s system requires only one method for tagging plants- RFID tags. According to the letter, Deputy Director Antolin says the initial request for proposal (RFP) stated that the traceability system needs to support a variety of tagging methods, including bar codes and RFID. “The RFP requirements did not allow a vendor to make any assumptions regarding use of a single tagging methodology or allow vendors to include any such costs affecting the state or our licensees in their proposal,” says Antolin. As they made clear in the previous press release, the ASV is not the official contract winner until they complete negotiations and sign the contract.

On June 7th, Franwell withdrew their proposal for the state’s traceability system, thus Washington went with the second highest scoring vendor, MJ Freeway. Deputy Director Antolin says they submitted a strong bid, but there are still many questions left unanswered. How could such a glaring mistake be overlooked when the state named Franwell the highest scoring bidder? Is MJ Freeway’s system robust enough and capable of handling the state’s cannabis licensees’ traceability requirements even though they were not the highest scoring bidder? The deadline for the new system to be in place is October 31, 2017, which is quickly approaching for such a massive systems overhaul.

The WSLCB’s oversight highlights a few inadequacies with the state’s regulatory agency, particularly their indecision and lack of foresight. So much of the concept behind seed-to-sale traceability rests on Cole Memo compliance. A big reason why some states seek to implement a robust tracking system is to remain compliant with the Cole Memo; preventing diversion to crime organizations with regulatory oversight is a key tool that states use to tell the federal government they are complying with their directive and intend to protect their state’s legal cannabis operations from federal prosecution. Without a proper system in place, the state runs the risk of exposing their entire cannabis market to threats of federal enforcement, a scenario that seems unlikely but could be disastrous to cannabis businesses and the local economy.

The WSLCB needs to get their act together fast.

Washington Selects Franwell’s METRC for Traceability Program

By Aaron G. Biros
No Comments

The Washington State Liquor and Cannabis Board (WSLCB) announced today they plan to choose Franwell as their technology partner for the state’s cannabis seed-to-sale traceability system. While the release states they have not yet officially awarded them the contract, it says Franwell is the apparent successful vendor (ASV) to replace their current system. “An ASV is the procurement term used for the highest scoring, responsive vendor,” says the press release.

Rick Garza, director of the WSLCB, says they plan on making a number of changes that they couldn’t under their current contract. “Over the last four years we have learned a lot about this industry, including aspects to the industry that were unknown when the current traceability system was implemented,” says Garza. “We need a system that will grow and flex with Washington’s maturing marijuana system.”

Seven companies submitted bids for the new contract and the agency narrowed that down to three finalists, each of which gave presentations and demonstrations on their software products to WSLCB staff last week. They also worked with folks in the cannabis industry, selected by trade organizations, that provided input on the requests for proposal. Those industry stakeholders that participated with input will get a demonstration of the new software system in early June.

They plan on transitioning to the new system no later than October 31, 2017. Franwell’s METRC product is currently used in Colorado, Oregon and Alaska.

BioTrackTHC Awarded Delaware’s Tracking Software Contract

By Aaron G. Biros
No Comments

According to a press release, the State of Delaware has chosen BioTrackTHC as their partner in seed-to-sale tracking software. Delaware’s Department of Health and Social Services (DHSS) signed a contract with BioTrackTHC for the tracking and patient registry software.

In 2016, Delaware issued a request for proposals for “the Delaware Enterprise Consolidated Cannabis Control System,” which encompasses the statewide patient registry and seed-to-sale traceability systems. “Our sincerest thanks to DHSS for choosing Team BioTrack,” says Patrick Vo, CEO of BioTrackTHC. “DHSS has been wonderful to work with throughout the contracting process, and we look forward to partnering with them to provide the tools and data they need to continue overseeing the industry and protecting their patients.” BioTrack’s software was selected as the winner of a number of government contracts in other states previously for the same role.

Their software is currently used in government traceability systems in Washington, New Mexico, Illinois, Hawaii, New York and the city of Arcata, California. The press release states regulators will have the ability to view the retail data “including plant counts and usable inventory, lab results, transportation, and point-of-sale data—to perform periodic audits and ensure compliance.” The patient registry will also provide better patient accessibility through the new software with a faster turn around time and automated application processing.

BioTrackTHC provides technology solutions for businesses and governments to tracking products throughout the supply chain to the point of sale. The software systems help businesses remain compliant with regulations and monitor data for things like inventory management.

marijuana buds drying in racks biotrackthc

BioTrackTHC Uses Amazon Web Service’s Government Cloud for Traceability System

By Aaron G. Biros
No Comments
marijuana buds drying in racks biotrackthc

BioTrackTHC, partnering with the Hawaii Department of Health, is deploying the first live seed-to-sale traceability system for cannabis in a FedRAMP-authorized environment, according to a press release. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide risk management platform that provides standards for security assessment, authorization and continuous monitoring for cloud products and services. “BioTrackTHC, utilizing Amazon Web Service’s Government Cloud (AWS GovCloud), has met all necessary requirements to host its live government cannabis seed-to-sale Traceability Systems in one of the most secure cloud platforms in the world,” states the press release.

“The BioTrackTHC team invested an incredible amount of time and effort into this high priority project, and we are excited to see it transform from last year’s concept to clean execution,” says Patrick Vo, president and chief executive officer of BioTrackTHC. “We are grateful for the Hawaii Department of Health’s trust in us to get it right the first time.” Hawaii working with BioTrackTHC and AWS GovCloud essentially affords them an ultra-high level of data security in their state traceability program.

“We’re pleased to know that our state’s seed-to-sale Traceability System is now housed in the most secure cloud server available,” says Keith Ridley, chief of the Hawaii DOH Office of Health Care Assurance. “This ensures safety and comfort for our licensees, business operators, and our patients, who can all be confident in knowing their business data and protected patient information is being stored in the most secure traceability system in the world.” The FedRAMP decision-making body is comprised of the Chief Information Officers (CIOs) from the Department of Defense, Department of Homeland Security, and the General Services Administration, with additional collaboration from the National Institute of Standards and Technology, National Security Agency, Office of Management and Budget, and the Federal CIO Council.

The FedRAMP standards include “400 security measures and allows government agencies to use these and only these cloud environments for high-impact data where the loss of data confidentiality, integrity, or availability could be expected to have a severe or catastrophic effect on organizational operations, assets, or individuals,” according to the press release. Essentially this means that they meet the highest security requirements of the program.

 

Going Beyond POS: Innovations in Dispensary Software

By Aaron G. Biros
No Comments

In a highly competitive market, dispensaries use wide product selections, competitive prices, rewards and loyalty programs to stay relevant and attract new customers. Many of those tools used to make the retail space more efficient require analytics to stay on top of their performance metrics.

At their SE 7th Ave location in Portland, Oregon, Cannabliss & Co. uses Baker software to better connect with their customers and track sales. According to Kevin Mahoney, manager of that dispensary, they use Baker’s software for things like their online menu, online ordering, text alerts and a rewards program.

Cannabliss & Co. SE 7th Ave location
Cannabliss & Co. SE 7th Ave location

Located in an historic firehouse built in 1913, Cannabliss & Co. was Oregon’s very first medical cannabis dispensary. Now that they offer both recreational and medical cannabis, their product inventory has expanded, their sales have grown and they have a wider customer base.

IMG_7545After using Baker’s software platform for almost a year now, Mahoney says he has seen great ROI on text alerts and the analytics. The online ordering and menu features have not only highlighted sales trends, but have made budtender-customer interactions easier. “We don’t want our budtender using the menu as a focal point of the conversation, but this allows for us to highlight particular specials or strains on our menu that gets eye attention right when the customer gets in,” says Mahoney. “Moving past the point of sale, it allows another conversation to happen organically, which keeps the customer engaged.”

On average, Baker sees conversion rates close to a 5% range per campaign. “That check in option is phenomenal; we get to see how many people actually came into the store from any given text alert,” says Mahoney. “In my mind, text alerts are preferable to email alerts; they can’t be marked as spam, it is easy to delete or opt out and takes much less time.”

Kevin Mahoney at his SE 7th Ave location
Kevin Mahoney at his SE 7th Ave location

Mahoney says the online ordering feature that Baker offers is a big selling point too. “Having an ordering service is absolutely terrific,” says Mahoney. “They can come in and out in less than five minutes with their full order by using the online ordering portal.” Mahoney says they see a real draw in this feature because it lets customers treat their dispensary like a takeout window at a restaurant.

Baker just launched a software platform designed for delivery service that a dispensary in Bend, Oregon has been using for two months now. With Portland legalizing cannabis delivery services recently, Mahoney is eyeing Baker’s software for his online ordering and delivery. “When the time comes, that is something we are very interested in pursuing.”

rsz_baker_kitchen_photo_1_of_1
Analytics allow users to track the success of campaigns

In August of 2016, Baker secured $1.6 million in seed funding, led by Former Salesforce Executive Michael Lazerow, according to a press release. “Baker has created a solution that is clean and easy to use and can help dispensary owners engage their shoppers like never before – online, mobile, social and in-store,” says Lazerow. “I witnessed first-hand how Salesforce supercharges its customers’ businesses and I’m inspired to see Baker driving the entire cannabis industry forward with this same intelligent approach.” In 18 months of business, Baker has worked with hundreds of dispensaries, helping them build better connections with over 100,000 customers. At Baker, we believe the cannabis shopping experience should be as comfortable and personalized as it has become in every other retail environment,” says Joel Milton, chief executive officer at Baker. “With expertise in cannabis, data and technology we have created an industry-specific tool that allows dispensaries and brands engage with customers and build brand loyalty through a personalized shopping experience.”

rsz_connect_sms_1
Text alerts are customizable and easy to send out

According to Eli Sklarin, director of marketing at Baker, the number one reason why patients and customers choose a dispensary is because of products on the shelf. “We originally started the platform in 2014 so people could order ahead and wouldn’t have to wait in lines at the dispensary,” says Sklarin. “In 2015, we saw more dispensaries than fast food establishments in many cities. Once inventory started to settle down, we saw a need for the dispensary to better connect with their customers.” The three core products that Baker offers are online ordering, connect SMS & email and the check in & loyalty program.

Their entire suite of software options is specific to the cannabis retail space. “Our customizable program is designed to help dispensaries catch customers and keep them coming back,” says Sklarin. “The software can give a snapshot of who their customers are, insights into the overall health of their dispensary, sales per day of the week, monthly promotions and other basic analytics that help them understand their customers.” Things like strain alerts can help retain customers, allowing dispensaries to notify certain groups of customers when products are back in stock. Whether it’s a customer who prefers a particular brand of edibles or concentrates, these software tools can help dispensaries get the right message to the right customer.

Shimadzu Launches Cannabis Analyzer for Potency

By Aaron G. Biros
No Comments

On Monday, March 6th, Shimadzu Scientific Instruments, a leading laboratory analytical instrumentation manufacturer, announced the launch of a new product focused on cannabis, according to a press release. Their Cannabis Analyzer for Potency is essentially a high-performance liquid chromatograph (HPLC) packaged with integrated hardware, software, workflows and all the supplies. The supplies include an analytical column, guard columns, mobile phase and a CRM standard mixture.canAnalyzerImg1

The instrument is designed to test for 11 cannabinoids in less time and with greater ease than traditional HPLC instruments. In the press release, they claim “operators are now able to produce accurate results with ease, regardless of cannabis testing knowledge or chromatography experience.” One very unique aspect of the instrument is the lack of experience required to run it, according to Bob Clifford, general manager of marketing at Shimadzu. “We have our typical chromatography software [LabSolutions] with an overlay that allows the user to analyze a sample in three simple steps,” says Clifford. Those in the cannabis industry that have a background in plant science, but not analytical chemistry, could run potency analyses on the instrument with minimal training. “This overlay allows ease of use for those not familiar with chromatography software,” says Clifford.

An overlay of a flower sample with the standards supplied in the High-Sensitivity Method package.
An overlay of a flower sample with the standards supplied in the High-Sensitivity Method package.

The instrument can determine cannabinoid percentages per dry weight in flower concentrates and edibles. “Once you open the software, it will get the flow rate started, heat the column up and automatically begin to prep for analysis,” says Clifford. Before the analysis begins, information like the sample ID number, sample name, sample weight, extraction volume and dilution volume are entered. After the analysis is complete all the test results are reported for each sample.

Because laboratories wouldn’t have to develop quantitative testing methodology, they argue this instrument would save a lot of time in the lab. “After one day of installation and testing, users are equipped with everything they need to obtain cannabis potency results,” states the press release. According to Clifford, method development for potency analysis in-house can take some labs up to three months. “We can bring this instrument to the lab and have it ready for testing almost immediately,” says Clifford. “The methods for this instrument were developed by a team of twenty scientists working on different platforms at our Innovation Center and was tested for ruggedness, repeatability and quantitative accuracy.”

Screenshots from the software on the instrument
Screenshots from the software on the instrument

The instrument’s workflow is designed to meet three methods of analysis depending on testing needs. The High Throughput method package can determine quantities of ten cannabinoids with less than eight minutes per sample. The method was developed in collaboration with commercial testing laboratories. The High Sensitivity method package adds THCV to that target analyte list with ten minutes per analysis. The method provides the sharpest chromatographic peaks and best sensitivity. The High Resolution method package offers full baseline resolution for those 11 cannabinoids in less than 30 minutes per analysis and the ability to add cannabinoids to that target list if regulations change.

The press release states the interface should allow users to reduce the number of steps needed in the analysis and simplify the workflow. The instrument comes with a three-year warranty, preventative maintenance plan and lifetime technical support.

NCIA and BDS Analytics Partnership: Analyzing the Market Data Tool

By Aaron G. Biros
No Comments

In May, the National Cannabis Industry Association (NCIA) announced a partnership with BDS Analytics, a cannabis market intelligence and data firm, according to a press release. Beginning in June of this year, NCIA members received access to market and sales data via BDS Analytics’ GreenEdge sales tracking software.NCIA.Logo

BDS_Logo_-_with_analytics_purple_text_copyAccording to Aaron Smith, executive director of NCIA, market intelligence was previously very scarce in the emerging cannabis industry. “We hear from our members all the time that one of their biggest challenges is the scarcity of reliable market intelligence and data in the industry,” says Smith. “Being able to offer this kind of data as an included benefit of NCIA membership is incredibly valuable. We’re proud to partner with BDS and grateful for their support of NCIA’s mission.”

roybingham
Roy Bingham, CEO of BDS Analytics

The GreenEdge reports span numerous product categories as well as high-level market reporting. According to Roy Bingham, chief executive officer of BDS Analytics, NCIA member-businesses can take part in a tutorial to familiarize them with the interface. Bingham says they have extraordinarily comprehensive data on Colorado and Washington; they will have Oregon’s data ready in less than three months and roll out nationally to all major markets during the rest of 2016 and 2017.

Through using the interactive GreenEdge reports, we were able to identify key market figures and growth percentages, such as percent of the market share held by dry flower, average infused chocolate bar prices and much more. We found that Colorado’s recreational and medical markets totaled $996.5 million in 2015, just shy of a billion dollars. 28% of that market was held by infused products and concentrates, which grew by 111% over the previous twelve months. The average infused chocolate bar sold at retail in Colorado was priced at $14.47 last year. Overall, Colorado’s cannabis marketplace grew by over 41% between 2014 and 2015.

ScreenShotGreenEdge1According to Bingham, for most mature industries, a ten percent transaction value of the market is sufficient to scale data so that it speaks to the entire market. “However, this is not a stable, mature industry so we are more comfortable with a sample size of around twenty percent of the total market,” says Bingham. “We are well over those numbers in Colorado and Washington.” In order to get the data, BDS Analytics makes direct arrangements with dispensaries on their panel to get access to their point-of-sale data, which can be done in almost real time or in a download at the end of each month. “It is then standardized with a learning software system, assisted by personnel, that gets better over time at categorizing data points,” says Bingham. “We use algorithms to scale the data to the total industry size, and there are a number of adjustments made to those algorithms to make sure the data is normalized.” The program has recorded more than 20 million transactions to date.

ScreenShotGreenEdge2Dispensaries provide their data because they get the full service that comes with being a member of the panel, including details down to the brand level, according to Bingham. “This enables dispensaries to offer consumers what they are purchasing on average in their market,” says Bingham. “You get to see a breakdown of the most popular brands and items if you join the panel and submit data.” They have categorized more than 20,000 unique products, such as a number of different types of concentrates, different types of infused products and more.

The interactive data tool holds tremendous value for NCIA members and business owners in the cannabis space, giving them access to market data previously unavailable or difficult to find.

Microsoft Enters Cannabis Compliance Software Market; Industry Outlooks

By Aaron G. Biros
1 Comment

In a New York Times article published yesterday, news broke of Microsoft’s entry into the cannabis marketplace, teaming up with KIND Financial to launch its Microsoft Health and Human Services Pod for Managed Service Providers, which is essentially a seed-to-sale tracking technology. Their goal is to provide local and state governments with software solutions for traceability in the burgeoning cannabis industry.kind-financial-cannabis-government-solutions

In a press release yesterday, Kimberly Nelson, executive director of state and local government solutions from Microsoft said, “KIND’s strategic industry positioning, experienced team and top-notch-technology running in the Microsoft Azure Government cloud, made for an easy decision to align efforts.” According to KIND Financial founder and chief executive officer, David Dinenberg, the cannabis marketplace will continue to have strict oversight and government regulations. “I am delighted that Microsoft supports KIND’s mission to build the backbone for cannabis compliance,” says Dinenberg.MSFT_logo_rgb_C-Gray

This move could represent an opening of the floodgates for corporate interest in the space. According to Matt Karnes, founder of GreenWave Advisors, a cannabis financial data analysis firm, this could potentially result in an increase in capital flow into the cannabis industry. “This signals a wider acceptance of cannabis and perhaps that changes to national policies are more likely now that we see a large corporation stepping in,” says Karnes. “This could certainly mean an inflow of capital from larger, mainstream enterprises that were previously unwilling to take the risk.” Microsoft also made news recently for the acquisition of LinkedIn for $26.2 billion. The move to get into the cannabis space could represent a diminishing stigma associated with the market and a wider mainstream acceptance in business.

According to Nic Easley, chief executive officer at Comprehensive Cannabis Consulting (3C), this is another legitimizing factor for the cannabis industry. “It shows that cannabis is here to stay, and the fact that Microsoft is now spending resources on software, further validates that,” says Easley. “Many of the first mover seed-to-sale companies, entered the industry too early, had problems with their technology and lacked quality customer service, which created opportunities for new companies to emerge to dominate and capitalize upon the first ‘Netscapes’ of the cannabis industry’s failures.” Additionally, this could rationalize the market for other quality software companies such as Compliant Cannabis, according to Easley.

While Microsoft publicly announced their entrance into the cannabis marketplace,  one can speculate that other large companies are planning their entrance as well. “We are fielding inquiries from Fortune 500 companies, Wall Street investors and even major foreign investors on a weekly basis,” says Easley. “In the past week alone, we received calls from three different Fortune 500 companies asking us how they can get into the industry.” It appears that because Microsoft is in the cloud business and they are offering this ancillary service that not only does this further legitimize the industry, but it could be quelling the dated stigma associated with cannabis.