Last week we mentioned another area beyond security where the WordPress community is getting harmed by the people in charge, accessibility when it comes to new Gutenberg content editor. In the wake of the resignation of the head WordPress Accessibility Team, who had pointed to problems caused by Matt Mullenweg in their resignation post, it had been proposed by an employee of Matt Mullenweg’s company Automattic to have independent audit of Gutenberg’s accessibility. To us it sounded like it might be done in way that would be skewed, considering part of the proposal stated:

Feature-for-feature, compared to a classic editor with similar capabilities (eg a bunch of plugins installed), I’d bet* Gutenberg is more accessible. [Read more]

Among the many of issues that come together to create the rather poor state of security these days, there is the poor state of security journalism, which isn’t so much journalism, but stenography, with the journalist simply repeating claims made by security companies. Many of those claims are in fact false, which seems like what journalist should be covering especially when you have millions, if not billions of dollars being spent on security products and services marketed with similar lies as well. That spending on products and services that don’t provide the security promised is having international repercussions, making the lack of good journalism so tragic. What seems like it explains some, if not a lot, of that lack of critical coverage is that you have security journalism outlets that are owned by security companies, even while being promoted as being “independent“. Journalists at those outlets are unlikely to be critical of security companies, since that would likely bring attention to the ownership situation and raise concerns about the reason for the critical coverage (even when it would likely be very warranted). It wouldn’t seem hard to believe that other journalist likely would do the same since their next paycheck might be coming from a security company.

WordPress faces a similar situation. One of the few outlets included on the “WordPress Events and News” portion of the WordPress admin dashboard is the WordPress Tavern, which is owned by Matt Mullenweg. That is disclosed on the About page of the website, but doesn’t look to be generally mentioned when something else connected to him is being covered. That connection seems like it might be of concern when it comes to what was mentioned in a recent post on the website, which is headlined WordPress Accessibility Team Lead Resigns, Cites Political Complications Related to Gutenberg. [Read more]

Last week we ran across information we had been wondering about for some time for one specific reason, but found the information important for other reasons. We had wondered for some time who were the people doing the security reviews of WordPress plugins before they returned to Plugin Directory after being pulled for security issues. As we have mentioned in the past, the reviews have not been very good, the most glaring issue being a failure to make sure that vulnerabilities that had lead to plugins being removed had been fixed when they likely already being exploited.

When we found the list of the people on the team we weren’t all that surprised that there were problems with the security reviews based on the makeup of the team. What was the most striking thing was that there are only six people on the Plugin Directory team. That is six people managing a directory of over 52,000 plugins. That obviously isn’t enough and it isn’t surprising things are not being properly handled. [Read more]