Oso
Oso Innovation & Technology Culture
Frequently Asked Questions
Innovation is core to everything we do at Oso. We're solving a fundamental problem in software development that has existed as long as computers themselves: authorization. We're building the category-defining solution that changes how developers approach access control.
Innovation in our product: We've created Oso Cloud, a managed authorization service that provides abstractions for building and iterating on authorization in applications. We built a custom policy language called Polar, written in Rust, that gives developers the flexibility to model any authorization pattern they need (RBAC, ReBAC, ABAC, or anything else). This approach is innovative because it decouples authorization from application logic, something most companies still handle manually.
Innovation in how we work: Team members are responsible for taking broad problems, experimenting with potential solutions, and shipping results. We don't have product managers defining every detail. Instead, we trust our team to take ownership, explore solutions, and make decisions. Our quarterly hackathons give everyone dedicated time to innovate, experiment, and explore ideas outside their day-to-day work.
Building the future of the category: We're not just building a product; we're shaping how an entire industry thinks about authorization. We maintain the Authorization Academy to educate developers on best practices, contribute to open-source projects, and actively participate in defining what modern authorization looks like. Our team includes experts who have worked on authorization at scale at companies like Google.
Backed by innovation-focused investors: Our investors include Sequoia, Felicis, and Harpoon Ventures, along with entrepreneurs and technical leaders from MongoDB, Segment, Honeycomb, LaunchDarkly, Datadog, HashiCorp, Vanta, and Supabase. They chose to back Oso because of our innovative approach to a universal developer problem.
Employees highlight our "strong, innovative leadership with an emphasis on winning" and rate us 5 out of 5 stars overall on Glassdoor.
We believe in giving our team the best tools possible to do their work effectively. No compromises on the technology and equipment that help you perform at your highest level.
Home office setup: Every employee gets access to all the latest tools and equipment they need, including high-quality keyboards and other hardware. We want you to have a workspace that's comfortable and optimized for productivity, whether you're in our NYC office or working remotely.
Tech stack and development tools: We build with modern, powerful technologies. Our core product is built in Rust, with React and TypeScript for the frontend, Pulumi for infrastructure-as-code, and AWS for cloud services. We give our team access to the tools and technologies they need to ship world-class software.
No bureaucracy around tools: As a small, high-growth company, we don't have layers of approval processes for the tools you need. If there's something that will make you more effective, we trust you to make that call. This ownership mentality extends to how we equip the team.
Continuous investment: We're well-funded with $26M raised from top-tier investors, which means we can invest in the right tools and technology. Our focus is on building the best product and providing the best experience for our team.
Learning and development: Beyond physical tools, we provide access to the resources you need to grow. Our collaborative culture, pairing sessions, and direct access to leadership all serve as tools for your development.
Oso Employee Perspectives
What’s your rule for releasing fast without chaos — and what KPI proves it?
There’s no one “silver bullet” rule to moving fast without breaking things; we approach it in layers. First, we have a variety of tools we use to validate our changes as we work, ranging from quick ones like unit tests and microbenchmarks, to more thorough ones like mirroring production traffic onto a shadow deployment of a risky candidate branch for observation. Next, we use automated checks in CI and CD to alert us of problems before they go live. For when something makes it all the way into production, we’ve designed our architecture, tooling and processes to enable quick rollbacks of various problems; in the most recent example, we rolled back a performance regression within five minutes of being alerted of the issue.
Some metrics to show our results are over five nines of uptime (despite the recent AWS outage) and sub-10ms P90 latency over billions of requests per month. Having multiple layers of tooling to prevent and mitigate problems allows us to build and ship quickly with peace of mind, since it reduces the amount of manual scrutiny required to know a change is safe.
What standard or metric defines “quality” in your toolchain?
We don’t track things like the number of story points or pull requests we’re shipping per week. We set deadlines based on what we need to get done for our customers and we hold regular engineering retros to identify things that slowed us down or held us back from achieving our goals the way we would have wanted to and prioritize fixing those problems. We regularly ship changes that improve our own development experience and velocity.
Recent examples include splitting our code into smaller modules to reduce time for incremental recompilations and launch templates for spinning up debug servers with all the tools necessary to reproduce issues observed in production and examples of things we’re currently working on are internal tooling for investing performance and improvements to logging to more quickly and easily diagnose production observations.
Share one recent adoption and its measurable impact.
Adopting a managed service provider and providing our customers with an MCP frontend for our API has been surprisingly impactful to their experience and ability to move fast when building with our product. Many of our customers use our product in fairly complex ways and when you encounter an unexpected result either in development or production with our product, it’s historically been a slow and painful process to manually issue the various API queries necessary to pinpoint the source of the issue. With MCP, I’ve seen certain debugging processes go from taking half an hour to less than a minute by allowing the customer’s agent of choice to query for all the information it needs. One thing we appreciate about MCP is how it lets our customers get a better experience with our product within whichever agent they’re familiar with; some of our customers use Cursor or Claude and they’re all able to benefit from this. There are many parallels to when we adopted language server protocol in the past.
