[wp-hackers] WordPress plugin inspections

Harry Metcalfe harry at dxw.com
Wed Feb 19 22:30:12 UTC 2014


Hi Eric, Madalin,

That seems reasonable. For the moment - since this is not a service that 
makes us any money at all - I think that it's probably not a practical 
option. But I will keep it in mind.

You might perhaps draw some comfort from the advisories section. All of 
these specific vulnerabilities have been identified by the same testers 
that carry out inspections, have been responsibly disclosed and fixed by 
the relevant developers.

Harry


On 19/02/2014 22:25, Eric Hendrix wrote:
> Certifications. —
> Eric A. Hendrix
> hendronix at gmail.com
> 910-644-8940
>
> On Wed, Feb 19, 2014 at 5:22 PM, Harry Metcalfe <harry at dxw.com> wrote:
>
>> On 19/02/2014 22:15, Peter van der Does wrote:
>>> snip snip
>>>
>>> Does the end user really care how the code is written?
>>> The grade depends on the expertise of the testers. What makes them
>>> qualified to give this grade? Do they have a PHP certification, what's
>>> their background?
>>>
>> The really key part of this criterion is:
>>> The lack of good style must materially reduce the tester's ability to
>>> understand what the code is doing, thereby indicating that the lack of
>>> good style has reduced code readability and maintainability.
>> This isn't about aesthetics - code that is written in such a way that it
>> is very difficult to follow is also harder to maintain. It's more likely
>> to contain bugs, some of which may be vulnerabilities. And it's much
>> easier to make mistakes when editing it after you haven't looked at it
>> for a while. It's also evidence that the developer may be inexperienced.
>> These are all important factors. That said, I can't imagine that a
>> plugin would fail an inspection on this criterion alone.
>> The inspections are carried out by experienced developers. I can
>> appreciate that that might not be clear at the moment. I'm not sure how
>> we'd go about reassuring people on that front, though: what would you
>> consider to be good evidence that we're knowledgeable?
>> Harry
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers