Comparison Overview

Bartofil

VS

Fastenal

Bartofil

Rua Antônio Frederico Ozanan, 255 Centro Ponte Nova, MG 35430029, BR
Last Update: 2025-03-14 (UTC)
Between 900 and 1000
http://www.bartofil.com.br

Excellent

A BCR Comércio e Indústria SA é uma empresa atacadista distribuidora localizada em Ponte Nova (MG), fundada em 1951 com atuação em quase todo território nacional (exceto a região Sul). Nosso Centro de Distribuição foi inaugurado em 2004 com 15.492m². Em 2010 ampliamos para 23.635 m² e em 2014 ampliamos novamente para 41.118 m². Nossa equipe de vendas é composta de aproximadamente 1.100 Representantes Comerciais Autônomos, que trabalham com as bandeiras BARTOFIL, COTRIL e ORMEL. Além disso, nosso call center possui cerca de 150 operadoras que realizam vendas no ativo e receptivo, além de atender o SAC e outros serviços. Os principais items que comercializamos são das linhas agroveterinária, ferragens, ferramentas, utilidades domésticas, pneus e acessórios para motos, material hidráulico e elétrico, armarinho e lazer, tintas e materiais de pintura, botas, materiais de segurança e acessórios, além de outras. Nos últimos anos a BCR vem acumulando um crescimento muito superior à média do setor atacadista (dados da ABAD) e se destacando cada vez mais no segmento atacadista agropecuário pela sua competência em comercializar produtos com variedade, preço e qualidade. Já somos o cliente número um dos maiores laboratórios de produtos veterinários estabelecidos no país, que nos reconhecem como o parceiro ideal para seus negócios. Toda empresa precisa de resultados para sobreviver, mas para nós os resultados não podem ser obtidos a qualquer custo. Tudo que a BCR faz é norteado por 4 valores estabelecidos pelos seus acionistas desde a sua fundação: LEALDADE, ESPÍRITO DE PARCERIA, SIMPLICIDADE e ESPÍRITO DE UNIÃO. Esses valores devem ser respeitados por todos aqueles que carregam o nosso nome pois representam a essência da BCR. São esses valores que desde 1951 são responsáveis por obtermos dos nossos clientes, representantes comerciais, funcionários e fornecedores a nossa maior conquista: a sua confiança.

NAICS: 424
NAICS Definition:
Employees: 1,001-5,000
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Fastenal

2001 Theurer Blvd, Winona, MN, 55987, US
Last Update: 2025-03-04 (UTC)

Excellent

Between 900 and 1000
http://www.fastenal.com

By providing three things – truly local service, the world’s largest vending program, and unmatched inventory management – Fastenal saves your business time and money. Who are Fastenal's customers? • Organizations wanting to strengthen their supply chains. • Businesses looking to streamline their operations. • Campuses planning for tomorrow. In a world of disruptions, Fastenal is a supply chain partner you can count on.

NAICS: 42
NAICS Definition: Wholesale Trade
Employees: 17,368
Subsidiaries: 2
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/bcr-bartofil-cotril-e-ormel-distribuidoras.jpeg
Bartofil
ISO 27001
Not verified
SOC 2
Not verified
GDPR
No public badge
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/fastenal.jpeg
Fastenal
ISO 27001
Not verified
SOC 2
Not verified
GDPR
No public badge
PCI DSS
No public badge
Compliance Summary
Bartofil
100%
Compliance Rate
0/4 Standards Verified
Fastenal
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Wholesale Industry Average (This Year)

No incidents recorded for Bartofil in 2025.

Incidents vs Wholesale Industry Average (This Year)

No incidents recorded for Fastenal in 2025.

Incident History — Bartofil (X = Date, Y = Severity)

Bartofil cyber incidents detection timeline including parent company and subsidiaries

Incident History — Fastenal (X = Date, Y = Severity)

Fastenal cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/bcr-bartofil-cotril-e-ormel-distribuidoras.jpeg
Bartofil
Incidents

No Incident

https://images.rankiteo.com/companyimages/fastenal.jpeg
Fastenal
Incidents

No Incident

FAQ

Both Bartofil company and Fastenal company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Historically, Fastenal company has disclosed a higher number of cyber incidents compared to Bartofil company.

In the current year, Fastenal company and Bartofil company have not reported any cyber incidents.

Neither Fastenal company nor Bartofil company has reported experiencing a ransomware attack publicly.

Neither Fastenal company nor Bartofil company has reported experiencing a data breach publicly.

Neither Fastenal company nor Bartofil company has reported experiencing targeted cyberattacks publicly.

Neither Bartofil company nor Fastenal company has reported experiencing or disclosing vulnerabilities publicly.

Fastenal company has more subsidiaries worldwide compared to Bartofil company.

Fastenal company employs more people globally than Bartofil company, reflecting its scale as a Wholesale.

Latest Global CVEs (Not Company-Specific)

Description

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ?? (authRequired ? null : { id: ctx.body.userId })`. When no session exists but `userId` is present in the request body, `authRequired` becomes false and the user object is set to the attacker-controlled ID. Server-only field validation only executes when `authRequired` is true (lines 280-295), allowing attackers to set privileged fields. No additional authentication occurs before the database operation, so the malicious payload is accepted. The same pattern exists in the update endpoint. This is a critical authentication bypass enabling full an unauthenticated attacker can generate an API key for any user and immediately gain complete authenticated access. This allows the attacker to perform any action as the victim user using the api key, potentially compromise the user data and the application depending on the victim's privileges. Version 1.3.26 contains a patch for the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary and could not be configured at runtime. In practice, this meant that every deployment using Reviewbot would validate requests with the same secret unless the operator modified source code and rebuilt the component - an expectation that is not documented and is easy to miss. All Allstar releases prior to v4.5 that include the Reviewbot code path are affected. Deployments on v4.5 and later are not affected. Those who have not enabled or exposed the Reviewbot endpoint are not exposed to this issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name or (3) Last Name text field.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References