Here are some highlights from the article.
Summer of Pwnage (#sumofpwn) describes itself as a "community program for everyone with interest in software security", which apparently means everyone from "enthusiastic beginners to the 1337est hackers out there".
WordPress is the most popular web content management system, with a market share of around 60%. It's used on something like 60 million websites, and has spawned a third-party plugin industry numbering 45,718 items when we checked today.
"The WordPress core is actually pretty well secured", Javvad Malik, security advocate at AlienVault, told SC, continuing: "a very low percentage of any of the severe vulnerabilities are attributed to the core platform. It's definitely unfair to compare it to Flash."
Ian Muscat, product communications manager at Acunetix, is in broad agreement. "I don't think that WordPress itself should be seen as a platform to stay away from", Muscat says, "but I do think that this is an unfortunate side-effect to having such a huge plugin open community." As David Coveney points out, "Most laymen believe that the official plugin and theme repository is reviewed for security, when it isn't."
At the end of the day this dichotomy over the security, or otherwise, of the WordPress platform will continue to be debated regardless of events such as #sumofpwn. Indeed, you can take the results of this Summer of Pwnage in two distinct ways according to Paul Ducklin, senior technologist at Sophos.
Either you can see it as security going backwards with 64 holes being found in just three weeks or, as Ducklin told SC, "Wow! 45,000 plugins, only 61 holes found so far, responsibly disclosed, and close to a third of those are already fixed. Now that's progress!"