I recently completed a Master's degree in Information Security at Royal Holloway, University of London. My dissertation was on the importance of responsible disclosure of vulnerabilities, so I'm going to start with a few posts on that subject. I'll hopefully make it a bit less academic than the original report. Given I work in WordPress security, for Defiant (makers of THE BEST WordPress security plugin, Wordfence), it made sense to focus on vulnerability disclosures in WordPress components.

The report needed a bit of editing from the original to make it more readable. I have also refrained from mentioning some researchers by name, as I don't want to draw attention to some of the irresponsible disclosures that they have made in the past. The aim of the report is to hopefully illustrate why developers should be given the opportunity to fix vulnerabilities in their products before the fact is advertised to the world. It also shows, using data that Defiant Inc. kindly allowed me to use, how much damage has been done by providing full details on how to exploit vulnerabilities.

Any comments welcome on Twitter – @thegdwright.

On to Part 1 – Introduction, Methodology and Objectives

WordPress Security and the Importance of Doing the Right Thing