Month: February 2017

  • HackerOne Launches Free Community Edition for Non-Commercial Open Source Projects

    HackerOne, the vulnerability coordination and bug bounty platform, has launched a new Community Edition for open source projects. The company is built around the notion that, “given enough eyeballs, all vulnerabilities are shallow.” HackerOne announced a $40 million round of funding earlier this month, which allows the company to expand its market and add new…

  • Freemius Launches Insights for WordPress Themes

    Freemius Insights has announced that its analytics service that was previously only available to WordPress plugins is now available for themes. The company was founded in 2015 by Vova Feldman and his team after discovering how much information is not available to developers who host plugins and themes on the official WordPress directories and marketplaces.…

  • Amazon S3 Outage Hits WordPress Businesses, Disrupting Services and Support

    Amazon is currently experiencing “high error rates with S3 in US-EAST-1,” causing a massive outage for sites, apps, and services across the web. The AWS service health dashboard was also temporarily affected by the outage. Amazon says it is working at repairing S3 and that they believe they have identified the root cause. Care to…

  • NextGEN Gallery Patches Critical SQL Injection Vulnerability

    Slavco Mihajloski, security researcher at Sucuri, has discovered a critical SQL injection vulnerability in NextGEN Gallery, a popular WordPress plugin that’s active on more than a million sites. Mihajloski gives the vulnerability a 9 out of 10 on Sucuri’s DREAD scale. DREAD stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Each category receives a score between 0…

  • Learn How to Find and Exploit XSS Vulnerabilities with Google’s XSS Game

    In 2016, Acunetix, a UK-based security firm, found that 33% of websites and web apps are vulnerable to XSS. This number is down 5% from the company’s findings for the previous year, but it’s still one of the most common vulnerabilities. In fact, every WordPress security release for the past year has included patches for…

  • FOSSA Raises $2.2M to Automate Open Source License Compliance

    Kevin Wang and his team at FOSSA have carved out a niche for themselves in the open source product space with the launch of their license compliance and dependency analysis tool. The company announced a $2.2 million seed round this week after completing a year-long private beta period with Fortune 500 companies. FOSSA continuously scans…

  • Discourse Creates Encouragement Fund to Pay Contributors for Mission Critical Work

    Discourse is free, open-source discussion software created by Jeff Atwood in 2013. In addition to celebrating its fourth birthday, the team announced the Discourse Encouragement Fund. The fund allows the development team to pay contributors for critical work. In the course of a year, Discourse has paid 16 different developers a total of $17,000 to work…

  • Cloudflare Memory Leak Exposes Private Data

    Cloudflare, a content distribution network used by many popular sites, published detailed information about a security vulnerability that leaked user information, some of which was private, including passwords, private messages, etc. The vulnerability was discovered by security researcher Tavis Ormandy, a member of Google’s Project Zero team. The issue stems from a memory leak in…

  • Google’s New Perspective Project Filters Online Comments Based on Toxicity

    Online harassment is a hot topic right now, as Twitter’s perennial battle with trolls heats up, forcing the company to develop new features to combat abuse. Technology companies are scrambling to create solutions that will make their communities safer for users and now Google is taking on the challenge of online harassment as part of…

  • WordPress Community Summit 2017 Set for June 13-14 in Paris

    WordPress contributor teams are getting ready for the next Community Summit, which will be held in Paris leading up to WordCamp Europe on June 13-14. This is the first time the event will be held outside the United States, making it more accessible to European community members who may have been unable to attend previous…

  • WPWeekly Episode 264 – REST API, Disqus, and Happy Birthday Discourse

    In this episode, Marcus Couch and I discuss the news of the week. We introduce a new segment of the show called “What’s on WordPress.tv?” where we highlight three videos to check out. We also share details of upcoming WordCamps in the month of March. Stories Discussed: A Case for REST API BuddyPress 2.8 Boosts…

  • Zerif Lite Returns to WordPress.org after 5-Month Suspension and 63% Decline in Revenue

    In October 2016, Zerif Lite was suspended from the WordPress Themes Directory after failure to comply with the Theme Review Team’s guidelines. The suspension left 300,000 users (including those using Zerif Lite child themes) without maintenance and security updates. After five months of fixes and several rounds of review, Zerif Lite has returned to the…

  • Solving the Mystery of How People Actually Use WordPress

    I’m in favor of WordPress collecting more anonymized usage data that could help make informed decisions on changes or improvements to core, such as tracking changes to the WordPress user interface, which buttons or settings are used most often, etc. A good example of when this data could have come in handy is the recent…
