Spree Commerce

Try It Now

Heartbleed and Open Source Security

Posted on April 16, 2014 by Alexander Diegel

Has Heartbleed Made You Think Twice About Open Source Security? Think Again.

By now, unless you have been woefully under-informed, you’ve not only heard of Heartbleed, you have likely had more than your fill of emails from web sites advising you about their patches. Ironically, as those emails pile up in your inbox, Heartbleed starts to seem like more of a nuisance. But the fact is, the personal information of millions was put at risk and it may be some time before we completely realize the damage that has been done.

Some have used this as an opportunity to point fingers at OpenSSL and Open Source frameworks in general. They point to the collaborative nature of the applications as an increased security threat. The argument is that when anyone can submit changes to an open source project, there is no way to know if a malevolent developer will intentionally create a vulnerability, similar to Heartbleed, with the sole intent of exposing security weaknesses within the software.

However, Heartbleed isn’t a result of the fact that OpenSSL happens to be open source software. As we’ve seen time and time again, even the most robust enterprise software can be compromised by security flaws. This truly is not a question of whether open or closed source software is more likely to be compromised. As long as software is being written, whether open or closed, there will be holes to be patched.

When thinking about the security risks of open source software, there are two key points to remember. First, when backed by effective open source communities, open source software is made safer because so many developers actively test and fix the code.

For example, Spree has one of the most active developer communities in the world. Spree developers communicate regularly regarding all kinds of issues, be it feature improvements or bug fixes. Of course, Spree also utilizes extensive testing tools before releasing any software. With the combination of our in-depth testing and the community’s vigilance, we can be much more on top of quick resolution of bugs than closed software systems.

Second, when there is a need for a security patch or other bug fix, the person in control of implementation is…you. With closed source, you need to wait for the enterprise in control to fix the problem and make it available to users. For example, Akamai, one of the best, most sophisticated technology firms on the planet, is still working to address its Heartbleed vulnerabilities. Thus, users have no choice but to wait on Akamai for a complete fix. Open source users can do what they want with the code. They can use a patch that has been made available on Github, or can otherwise modify their code as they see fit. In fact, because Spree is open source and its users control their own code, they can choose to replace OpenSSL altogether if they so desire.

At the end of the day, the truth is that no piece of software is perfect, and that both open source and closed source frameworks are vulnerable to security flaws. The fundamental difference to remember is the relative ease with which these inevitable bugs can be found and fixed in open source platforms, so that consumers can again be protected as quickly as possible.

WeMontage Takes their Business to the Next Level

Posted on April 16, 2014 by Alexander Diegel

How Spree Commerce Helped WeMontage Take Business to the Next Level

WeMontage, an up-and-coming photo collage company, was getting its first taste of the inevitable for any successful start-up: It needed to keep up with its rapidly growing consumer base, and its preliminary web application was no longer getting the job done.

What WeMontage needed was a fully-featured e-commerce system, but it did not have the in-house resources to accomplish this necessity. At first, the company just used Spree for basic functions such as processing online transactions, promotions and reporting. But as business grew, so did WeMontage’s need for Spree’s more expansive options.

Before long, WeMontage extended its software’s functionality to support aspects such as a multiple-purchase incentive program, as well as a user-credit system to share with friends and family. WeMontage has since been recognized as one of the emerging e-commerce startups, and was recently highlighted on a “Today Show” digital lifestyle feature.

Click here to download the full case study and learn how Spree took WeMontage to the next level.

Best M-Commerce Practices by Bryan Mahoney

Posted on April 15, 2014 by Alexander Diegel

Best M-Commerce Practices by Bryan Mahoney from SpreeConf 2014

Though still very much in its infancy, mobile commerce is already an established force in the retail marketplace. As sellers continue to adjust to this medium, there is plenty of room for improvement.

From SpreeConf 2014, Bryan Mahoney, partner and director at Dynamo, discusses keys to best m-commerce practices that will keep your shoppers happy, and most importantly, help grow your business.

With tips that include how to keep your homepage concise, the significance of calls to action, and the importance of limiting content on your website, Bryan’s presentation is a must-watch for retailers who want to stay ahead of this growing trend in the shopping experience.

More sessions and videos from SpreeConf will be uploaded soon, so make sure to subscribe to our YouTube channel.

Behind the Best Storefronts by Sean Schofield

Posted on April 10, 2014 by Alexander Diegel

Behind the Best Storefronts by Sean Schofield

As co-founder and CEO of Spree Commerce, Sean Schofield was able to provide his valuable insight on Spree Commerce’s impact on the future of the e-commerce industry at SpreeConf 2014.

Sean talked about how Spree is continuing to empower the world’s sellers. He discussed the rapid growth of Spree’s open source community and its impact on our storefront platform. Sean also updated the audience on the latest developments with the hub, which developers and store owners can use to add and manage integrations to other services such as fulfillment providers, accounting systems, and more.

In his talk, Sean outlined where Spree Commerce is going, and why now is such an exciting time to join partners and customers like Bonobos and GoDaddy, to become an integral contributor to the e-commerce future.

More sessions and videos from SpreeConf will be uploaded soon so make sure to subscribe to our YouTube channel.