[VIM] Joomla! developer: Being "The Vendor" for Security Issues
Steven M. Christey
coley at linus.mitre.org
Sun Sep 6 22:45:13 UTC 2009
This is basically a commentary on typical VDB practices shared by most of
us. The Joomla! folks have a couple solid points, especially on proper
distinction of third-party extensions from core, and their desire for
accuracy.
http://community.joomla.org/blogs/community/1029-on-being-qthe-vendorq.html
I'm thinking on a constructive response. The apparent practice of
removing vulnerable extensions from their directory is probably adversely
affecting all of us - certainly CVE, who tries to verify that an extension
is not just site-specific before we create an entry.
I ran across this while trying to track down the 1,768th Aria/S at BUN
posting of questionable utility from 2008.
- Steve
More information about the VIM
mailing list