[wp-meta] [Making WordPress.org] #6939: Reporting Security vulnerabilities in plugins
Making WordPress.org
noreply at wordpress.org
Fri Apr 21 01:22:44 UTC 2023
#6939: Reporting Security vulnerabilities in plugins
------------------------------+---------------------
Reporter: dd32 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: 2nd-opinion |
------------------------------+---------------------
Comment (by dd32):
Replying to [comment:5 fearzzzz]:
> Many developers seem ashamed of their lack of knowledge, of their
> mistakes, and this has its consequences on many internal processes. But
> silence or ignoring security issues only makes the situation worse.
I think this is a key part of the issue: no developer writes 100% secure
code all the time, but equally, no developer ever really wishes to admit
that. Part of the problem is that while developers may understand this,
users of plugins may not, and it's their opinion that matters for plugin
authors.
But equally, there are often security fixes that are more of a 'hardening'
change - something that is technically a vulnerability (perhaps often
viewed by the author as nothing but a nitpick) but yet so extremely
unlikely to actually ever be used against a site, and that the fear of
simply mentioning 'security' drives fear into authors.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/6939#comment:7>
Making WordPress.org <https://meta.trac.wordpress.org/>