[wp-hackers] WordPress plugin inspections
Harry Metcalfe
harry at dxw.com
Thu Feb 20 12:30:06 UTC 2014
We do for advisories - which identify specific vulnerabilities - but not for inspections, which are more generic. It wouldn't really be practical for us to do it for inspections.
This has come up elsewhere in the thread, though - and we've pondered automatic notifications going to the plugin's forum. What do you think?
Harry
Sent from my mobile
-------- Original message --------
From: Peter van der Does <peter at avirtualhome.com>
Date: 20/02/2014 12:08 (GMT+00:00)
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] WordPress plugin inspections

On Thu, 20 Feb 2014 08:37:55 +0000
Harry Metcalfe <harry at dxw.com> wrote:
> Disappointingly, we'll perhaps have to agree to disagree.
>
> I think the site is a positive contribution to WordPress's security.
> Hopefully, in time, we'll earn some trust. I'm not expecting that to
> be instant. I don't think we're condemning anybody: we're pointing
> out issues which are widely accepted to be indicative of problematic
> code.
>
> In the meantime, people are - of course - free to vote with their
> feet and not visit the site. Or set up a better one.
Do you contact the developers privately about your findings before
posting them to the public?
--
Peter van der Does
GPG key: CB317D6E
Site: http://avirtualhome.com
GitHub: https://github.com/petervanderdoes
Twitter: @petervanderdoes
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers