Disclosure: WordPress WPDB SQL Injection Vulnerability

There currently exists a very significant SQL Injection vulnerability in the WordPress code base. I want to make it abundantly clear that this does not affect anyone using WordPress “off the shelf”. It is only exploitable if you use certain WordPress code outside of a WordPress install. So this is not a very “attackable” vulnerability. Or to put it in other terms, this is a high-level vulnerability which has a very low threat level. It is also worth noting that it has not been fixed by WordPress (even 90 days after disclosure).

Our Failure As An Industry

In the April issue of the PHPArch magazine (also published on her blog), Elizabeth Tucker Long wrote a really interesting editorial piece coining a concept she called Security-Driven-Development. She (quite correctly) identified a problem in the current development community where security has become an afterthought (if it’s thought of at all). This isn’t a new concept; in fact, it’s a concept that I and many others have been preaching for quite a while now. However, I’ve been coming to realize that I’ve had it wrong the whole time. And I think the entire industry is getting it wrong today.

Contribute to Contributors

The holidays can be a trying time of year for everyone, with all the gift buying and stress and all. I wanted to take this time to make a plea. The open source software that all of us use is powered by volunteers! Show them your support by donating! I’m compiling a list here of prominent contributors to donate to, and I strongly urge you to consider saying “thank you” to people who work hard to give you the tools and knowledge that you use every day! So, without anything further:

The True Power Of Open Source

It’s not really a secret, but I’m not a huge fan of the modern education system in America (I only speak about America, because that’s the only education system that I have experience with). I’m not just talking about “higher education”, but education as a whole. There are many problems with it, but I don’t really want to get into enumerating the problems. What I want to talk about is the lessons that education can learn from the Open Source movement.

Change: A Two Faced Devil

There’s nothing as universally controversial in this world as change. Change can be (in aggregate) for the better or for the worse, yet people will always be split down the middle. Some will believe that the change is a good thing, and others will see it as a bad thing. Often your viewpoint will be dictated by your perspective and how the change will directly affect you. When it comes to software projects and change, what’s the right thing to do?

The Anatomy Of A Great Conference

I had the pleasure of attending the North East PHP conference this weekend. I’ve attended a lot of conferences over the years, but I found this one to be one of the most enjoyable ones that I’ve ever attended. On my drive home (4.5 hours in a car gives you a lot of time to think), I was thinking about what made it such an enjoyable time. Here’s what I’ve come up with on what goes into making a good conference.