04 Apr

When Full Disclosure of a Claimed WordPress Plugin Vulnerability Leads To A Bigger Problem

When it comes to disclosing security vulnerabilities, a major issue is when the vulnerability should be disclosed. On one side is full disclosure, which involves disclosing it as soon as possible, including before the vulnerability has been fixed. On the other side is responsible disclosure, which involves disclosing a vulnerability in a coordinated manner sometime after it has been fixed. Both have issues worth discussing, but in this post we will focus on one example of what can go wrong when a claimed vulnerability in a WordPress plugin is disclosed without giving the developer prior notification.
