At Clever, we chose early on to deliberately define the key principles we wanted our culture to reflect. These tenets are a part of day-to-day vocabulary, and we think they make us a stronger team. About a year ago, we asked ourselves: how do these tenets apply to our engineering team? Are there aspects of […]

Clever Instant Login makes it easy for students to log in to their learning applications, saving valuable instructional time. By using the widely-deployed OAuth 2 protocol, our team tries to save valuable development time and make it easy for our app customers to create integrations. OAuth 2 has been a fairly smooth road, but we […]

Since June 2012, Clever has only had one version of our API: v1.1. We’re now ready to introduce v1.2! In this post, we’ll talk about what the new version means for our customers. Why API versioning? Very few, if any, non-Clever developers saw API v1.0. Early beta versions had this designation, but as we finalized […]

The password is both a ubiquitous and brittle security mechanism. With the emergence of new security trends like post-quantum cryptography and IoT-botnet attacks, it’s easy to overlook attacks that exploit guessable, reused, or coerced passwords. But the wherewithal among users to use strong passwords and keep them safe is rare. Despite decades of practice, managing […]

Clever Badges makes it easy for K-2 students to log into applications. As with any new feature, we wanted to understand and address any potential security risks before we launched Clever Badges to our users. If we built Clever Badges without thinking deeply about security, it would have been easy to introduce a vulnerability and […]

A few months ago Clever had the opportunity to give a talk to the GoSF Meetup group (the “largest Go meetup group in the world”!). Mohit and Alex discussed their experience creating Sphinx (our rate limiting service) and the usefulness of Go’s interfaces in doing so. Here are the slides: There are a few reasons […]

Sometimes it’s obvious what code has to change, but it’s painfully hard to prove you’ve fixed it. When’s the last time a conceptually simple fix took you hours longer to than planned, because you could not get the project running locally to verify your change worked? I just want to change a little CSS on […]

Student Data privacy and security are our foremost responsibilities here at Clever. We invest heavily to ensure that we are improving privacy for schools, students, and teachers, and we make sure that everyone at Clever is constantly working towards this goal. About five months ago, we were made aware of aspects of our privacy policy […]

Back To School is the busiest time for any education company. Students, teachers, schools, software companies, and the rest of the education world are all gearing up for a new school year. Unfortunately, during the most critical time of the year, Clever’s infrastructure was throwing a fit. At the time, Clever was adding over a […]

CVE-2014-6271 and CVE-2014-7169, also known as “Shellshock”, are high impact vulnerabilities affecting the Born Again Shell (BASH). The vulnerability allows an attacker to trick Bash into running arbitrary commands which could result in unauthorized disclosure of information, unauthorized modification and disruption of service. Because this is such a big threat, and because at Clever we take security […]