WP Tavern Forums

David Anderson

Justin, I don’t think that’s a good idea. It amounts in practice to saying that end-users should never have information about vulnerabilities; the plugin author and wordpress.org should have a monopoly. That, in turn, amounts to saying “just trust us”. But, confidence in the workings of a system has to rely upon independent verification. There has to be something to compare to.

If pluginvulnerabilities.com have developed automated tools to find vulnerabilities with relative ease that are getting past the plugin review team (leaving aside the discussion of what purpose pv.com is putting those tools to), then that has shown up a fixable weakness in the wordpress.org side of things. They, by implication, have tooling that can be improved upon. If they could ever partner to gain access to such tools, or develop them themselves, and improve the quality of what’s in the repository, then that’d be a gain for everyone (regardless of how it comes about).

Private, unreviewed monopolies are a recipe for low-quality outcomes in almost every area of life.





