Why We Built ItThis is a follow up to our post announcing the release of SmartShare.

The Secure Software Mission

Veracode's mission is to secure the software that runs the world. Our marketing department is no exception. When we recently looked at the security posture of the veracode.com website we found we were using too many untrusted third party widgets that put site visitors at risk and could even be potentially used to deface our website. Instead of removing this functionality from the website or staying with the risky status quo, we took it upon ourselves to build a safer alternative.

But why Social Sharing?

There are many options out there for social sharing, but few people realize that most of the companies that provide those solutions only do so to gain access to valuable information about your users. Those companies rely on the adoption of their 'free' social sharing tools to build vast, web-wide, user profile databases. They use the data they collect to power ads targeting businesses, and sometimes, they even sell the data itself. Rarely, if ever, do the websites that provide all that data (e.g. the site serving up the social sharing widget) see any compensation.

We want to highlight the risks associated with current methods of sharing, and the reckless use of Third-party JavaScript, and get people to think about less risky alternatives.

JavaScript based bookmarkers possess some significant downsides. Downsides include performance/latency issues, obfuscation, leaking of PII, difficulty to attest security quality. The level of skill required to exploit a vulnerability in JavaScript can be anywhere from novice to expert.

Every marketer and website owner understands the value of easy social sharing functions and every contemporary website utilizes some on-site bookmark sharing tool. The Veracode Marketing team was no exception. Being a security company, the Veracode Marketing Team is held to a very high security standard, yet we understand the critical importance of social sharing in achieving our online marketing goals. We were faced with a choice between not using social sharing at all or developing a more secure tool of our own. We chose the latter.

Enabling Marketers and Businesses

Many online marketers don't give a second thought to security when adding new functions/widgets/plugins/javaScript to their websites. There are many reasons for this, including the need to respond quickly to market/business demands and the lack of application security awareness. The responsibility of security is often held by people the Marketing team never see or interact with. And even if you happened to be a security concerned marketer I'd imagine many wouldn't know the first place to start. However, in today's world, security should be a shared concern across all departments.

There aren't many plugins that tout security as one their chief features. Security is often an afterthought to speed-to-market and slick user functionality. Understandable, but it's not an issue we were comfortable with accepting at Veracode. We wanted to provide a social sharing option for our own website and to share it with any like minded security concerned marketers and developers.

Download SmartShare: A safer social sharing plugin today

The next post in our SmartShare story will be put together by the developer of the tool. We will provide code snippets and document the APIs we used to build this too.

Veracode Security Solutions

Software of Unknown Pedigree
Web Security
Mobile Phone Security
Internet Security Scan
Web Vulnerability Scanner
Security Vulnerability Assessment

About Fergal Glynn

Fergal Glynn joined Veracode in 2008. Fergal is currently responsible for lead generation activities including content marketing, blogging, search engine optimization, webinar marketing, social media, and optimizing the marketing and sales funnel. Fergal spent his first two years at Veracode as a Product Manager.

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu