[wp-hackers] WordPress plugin inspections

Harry Metcalfe harry at dxw.com
Thu Feb 20 12:30:06 UTC 2014

We do for advisories - which identify specific vulnerabilities - but not for inspections, which are more generic. It wouldn't really be practical for us to do it for inspections.

This has come up elsewhere in the thread, though - and we've pondered automatic notifications going to the plugin's forum. What do you think?


Sent from my mobile

-------- Original message --------
From: Peter van der Does <peter at avirtualhome.com>
Date: 20/02/2014 12:08 (GMT+00:00)
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] WordPress plugin inspections

On Thu, 20 Feb 2014 08:37:55 +0000
Harry Metcalfe <harry at dxw.com> wrote:

> Disappointingly, we'll perhaps have to agree to disagree.
> I think the site is a positive contribution to WordPress's security.
> Hopefully, in time, we'll earn some trust. I'm not expecting that to
> be instant. I don't think we're condemning anybody: we're pointing
> out issues which are widely accepted to be indicative of problematic
> code.
> In the meantime, people are - of course - free to vote with their
> feet and not visit the site. Or set up a better one.

Do you contact the developers privately about your findings before
posting them to the public?

Peter van der Does

GPG key: CB317D6E

Site: http://avirtualhome.com
GitHub: https://github.com/petervanderdoes
Twitter: @petervanderdoes

wp-hackers mailing list
wp-hackers at lists.automattic.com