WordPress.org

Ready to get started?Download WordPress

Forums

Security-related enhancements for every release and paid Bounties? (3 posts)

  1. scaturan
    Member
    Posted 2 years ago #

    hi all,

    It's been awhile since I posted. I'm not a WordPress guru, security expert, developer or anything close to that.

    But I've been a WordPress user since 1.3 and for the record, I haven't come across any platform that rivals the design and ease WordPress provides. :)

    Anyhow, just curious about these particular things in RC and major release announcements.

    1. no mention of security enhancements and/or a paid 3rd party security audit of the core WordPress codebase and bundled plugins/themes

    2. no paid security bounties? I'm going to be partial here, but I've been a Menalto Gallery user since 1.4 also and they pay folks to find these security bugs, recently, paid out $1000s (the platform is not related to WordPress but just making a point bounties, paid bounties)

    I do understand there are dozens of "security companies specializing in WordPress security" and not to mention, freelancers. It looks like there sure is money to be made there. :)

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    What makes you think that paying crackers would help? I'm not against myself on principle but I'm not sure that it would help given the level of expertise amongst some areas of the WP community. As I understand it, there may also be informal links with existing professional security groups - although nothing on a paid basis.

    Then there's the issue of cost. Where would that money come from? WordPress is free and wordpress.org has no revenue. I think you'll find a very strong resistance against paying people directly right across the WP community.

    no mention of security enhancements

    How does this help? Anyone can grab WP and go through it themselves. Conversely, not mentioning patches for known security issues could have a serious effect on user confidence.

    It looks like there sure is money to be made there

    Oh - I'm quite sure there is. And some are already deriving revenue from this area but I don't think it's an area that wordpress.org wants to get into itself. For now, I think that goodwill, community and the sheer practicality of commercial companies maybe donating time, info and/or resources works really well. And it keeps WordPress 100% free.

  3. scaturan
    Member
    Posted 2 years ago #

    wonderful, at least 3.4.1 provided details of the the security enhancements made. thank you!

    please continue to mention it every release!

Topic Closed

This topic has been closed to new replies.

About this Topic