[wp-hackers] Development Process

Doug Stewart dstewart at atl.lmco.com
Thu Jul 27 15:10:34 GMT 2006


Robert Deaton wrote:
> On 7/27/06, Doug Stewart <dstewart at atl.lmco.com> wrote:
>> This might be slightly orthogonal to the current discussion, but I think
>> the overall flow of the conversation points to a huge, HUGE feature that
>> WordPress and WP users alike would benefit greatly from: a unified,
>> OFFICIAL plugin update mechanism.
>
> Sure, in this case, it may have helped (and may still help), but I
> think this recommendation is too specific to this particular event.
> When this thread was written, I still didn't know the details of this
> vulnerability, and now it's obvious that knowing the details is
> changing the way people look at the situation, but imagine for a
> minute that this vulnerability was a 100% core issue, and we had
> people from our own community publishing articles on how to exploit it
> so that "lazy developers will fix their software". Obviously,
> something's wrong with that picture.
>
>
It's the same kind of thinking that drove the Month of Browser Bugs:
http://browserfun.blogspot.com/

That royally pissed off Microsoft, yet Firefox and Opera reacted quickly
and fixed issues raised by Metasploit.  Let's be Firefox, not Microsoft
in our approach to these things.  Perhaps we should take a look at their
methodologies for addressing security issues...

-- 
------------
Doug Stewart
Senior Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs 
dstewart at atl.lmco.com


