Product Launch Goals
Promote Security thought leadership to existing customers
Excite prospects on security potential and gaps in existing posture
Drive CodeScan adoption and start conversations
Launch Content
Blog —> use this to send to customers
Release Notes —> Details on the new features
Letter from VP of CSM —> Communicated to Customers
Polyfill Release Deck —> Account teams to leverage
Product Launch Dates
Product Released - MTCE Release July 6th
Internal Webinar (July 9th)
External Marketing Activities (Ongoing)
CodeScan will support existing customers' security frameworks with the following capabilities by July 8th:
Enhanced Security Development
Advanced Security Detection: CodeScan uses enhanced security rules and their associated configurations to identify and flag insecure or outdated polyfills in your codebase.
Version and Vulnerability Checks ensure polyfills are up-to-date and free from known security issues.
Integrated Scanning for Security issues
CI Pipeline Integration: Seamlessly integrates with your CI pipeline on ARM to detect and address polyfill-related vulnerabilities during development.
Proactive Issue Management
Detailed Insights: Provides clear visibility into polyfill vulnerabilities, helping you address issues before they reach production.
Guided Remediation: Offers recommendations and best practices for mitigating risks associated with polyfills.
The reliance on polyfills to support older browsers like IE11 has led to significant security concerns.
Recently, a security issue affected over 100,000 websites due to vulnerabilities in polyfills, which provide modern JavaScript functionalities to outdated browsers.
While polyfills solve compatibility problems, they can also introduce security risks if not properly implemented or updated, exposing applications to attacks.
Widespread Use within Salesforce
Broad User Base: Many Salesforce customers rely on applications built using Visualforce and Lightning Web Components (LWC), which are dependent on JavaScript.
Dependency on Older Browsers
IE11 Compatibility: A significant portion of Salesforce's user base still uses older browsers like IE11, necessitating the use of polyfills to ensure compatibility.
Third-Party Applications on AppExchange
AppExchange has thousands of third-party apps that rely on polyfills. Insecure polyfills in these apps can affect the entire Salesforce environment.
Potential for Supply Chain Attacks:
Outdated polyfills can lead to supply chain attacks, affecting many apps at once. A vulnerability in a widely used polyfill can amplify the impact across Salesforce applications.
Key Actions with CodeScan:
Salesforce Governance and Security Framework:
Accelerated Security Policy Development: CodeScan enhances your security framework by creating advanced rules to manage and secure polyfills, ensuring they are compliant and secure.
Salesforce Application Security:
Enhanced Detection Capabilities: CodeScan detects and flags insecure or outdated polyfills in your codebase. It integrates with your CI pipeline on ARM to catch and address vulnerabilities during development.
Proactive Visibility and Remediation: Provides detailed insights into polyfill vulnerabilities, helping you address and remediate risks to protect sensitive data.
Integrated, Comprehensive Control and Visibility:
Seamless Integration: Ensures continuous security checks and proactive management of polyfills, maintaining a secure and compliant Salesforce environment.
If polyfills are not implemented correctly or are outdated, they can expose applications to security vulnerabilities such as supply chain attacks.
Polyfill shared a statement with The Hacker News that said, “We detected a security issue recently that may affect websites using certain third-party libraries.” It’s been reported that more than 100,000 websites were impacted by this event.