Mashery

As some of you may have seen earlier today, a minor security threat was uncovered in the OAuth protocol.  It’s a mild threat, with no known exploits against it, but a threat nonetheless.

The OAuth community handled (and is handling) the threat exceptionally well.  The team here at Mashery has been actively involved in addressing the threat and coordinating remedies with other OAuth providers.  I’m very pleased with how the group organized and executed.

A solution to the issue will be available soon.  In the meantime, the threat to existing applications is very small.

If you are using OAuth in your application, I hope you feel the same way I do about the strength and commitment of the community behind you.  I can say without an ounce of hesitation that my support for OAuth has been reinforced by the community’s response to the events of the past couple of days.

Also, a special tip of the wing to the gang at Twitter.  They shouldered a truly unfair amount of abuse over the last 48 hours, as some leapt to inaccurate conclusions that their OAuth implementation was somehow broken (this couldn’t be further from the truth).  Other companies would be wise to look closely and emulate Twitter’s decision to accept short-term PR pain for the greater good of the technical community they are a part of.  Thanks, guys.

Clay Loveless
Mashery Chief Architect