[wp-forums] vuln
Lorelle VanFossen
lorelle at cameraontheroad.com
Sun Aug 14 14:13:05 GMT 2005
While we are freaking out (appropriately) over our response to these
recent issues, WordPress is not the only one hit by this.
http://www.security.nnov.ru/Fnews78.html, among many others, lists over
a dozen other programs effected by the "PHP inclusions, SQL injections,
directory traversals, crossite scripting, information leaks, etc." and
I'm sure that's the tip of the iceberg.
We might find examples of how they handled this and learn from them, so
if anyone is involved in such groups or monitors such information,
please help us all learn about how to handle these wisely and
professionally.
I've been going through Mozilla's press releases and announcements,
since Matt has mentioned they set such a good example, and they do. They
have a top notch PR group who are very publicly responsive and timely.
I'd like to work with our PR team to create the same kind of
responsiveneess so if patches and fixes are not out the door
immediately, we can publicly respond in a way that will take the heat
off the forum and provide a stable "facade", so everyone is informed and
the energy to focus on the fix is dedicated to fixing and not putting
out fires. How we handle each of these issues creates a long term
stradegy for the future.
Thanks to Podz and Skippy and everyone for taking the lead in responding.
Lorelle
More information about the wp-forums
mailing list