User:Bentrem/Security

Security - Exploits, KB, and Tickets

This page is in response to *cough* a comment at the head of Trac ticket #4973 (closed 5 months ago):
"From: Daniel Cuthbert <daniel.cuthbert@owasp.org>

Date: Sep 13, 2007 3:05 PM
Subject: [WEB SECURITY] When the community takes action
To: websecurity@webappsec.org

Sigh, another Wordpress exploit and issue, no shock there!
http://milw0rm.com/exploits/4397

Wordpress has a massive user-base, and it seems that the developers have little, or no, concept of any SDLC or basic secure development as every new release is met by a serious remote vulnerability that allows attackers to compromise the host blog in some form or manner.
In an ideal world, we'd see the lead developers saying they need help and asking the community for that help, but what happens when they don't?
I'm not saying become vigilantes or something, but something should be done to help projects like Wordpress act in a more socially responsible way.

Thoughts?"



Historical Interest






--bentrem 21:51, 4 February 2008 (UTC)