[wp-forums] vuln

Lorelle VanFossen lorelle at cameraontheroad.com
Sun Aug 14 14:13:05 GMT 2005


While we are freaking out (appropriately) over our response to these 
recent issues, WordPress is not the only one hit by this.  
http://www.security.nnov.ru/Fnews78.html, among many others, lists over 
a dozen other programs affected by the "PHP inclusions, SQL injections, 
directory traversals, crossite scripting, information leaks, etc." and 
I'm sure that's the tip of the iceberg.

We might find examples of how they handled this and learn from them, so 
if anyone is involved in such groups or monitors such information, 
please help us all learn about how to handle these wisely and 
professionally.

I've been going through Mozilla's press releases and announcements, 
since Matt has mentioned they set such a good example, and they do. They 
have a top-notch PR group who are very publicly responsive and timely. 
I'd like to work with our PR team to create the same kind of 
responsiveness so if patches and fixes are not out the door 
immediately, we can publicly respond in a way that will take the heat 
off the forum and provide a stable "facade", so everyone is informed and 
the energy to focus on the fix is dedicated to fixing and not putting 
out fires. How we handle each of these issues creates a long-term 
strategy for the future.

Thanks to Podz and Skippy and everyone for taking the lead in responding.

Lorelle


