Making web applications is great; making them updates easier will be the best. Experience proved that security bugs are inevitable in web applications development, some admit them, and others try their best to keep them hidden and unknown. But the best in my opinion would be to take a strategic decision, first by making updates easier for customers, second by choosing a transparent security policy.
Let’s talk for example about WordPress, an excellent blogging solution, widely used, which makes bloggers’ life really easier. It’s annoying, but not strange, when a survey is made they find that 98% of wordpress blogs are vulnerable. The reason is simple, updates even not that difficult, are annoying for bloggers and most of them worry about turning off their blogs even for a second to update.
While there are many solutions that could be adopted to automate the update process and make blogger’s life not only easy, but more secure.
I already talked about security and how it should be measured, not with vulnerabilities number, but with the time that these vulnerabilities remain unpatched. It’s very regrettable that patches are available, but not accessible. And I’m talking here about single click accessibility.
The solution is an automated updates system, is it too much asked? This could certainly bring maturity to wordpress and make it really a robust blogging platform, and not the age of its code.
Read more :
- Survey Finds Most WordPress Blogs Vulnerable – Slashdot.org
- WordPress Community Vulnerable – BlogSecurity.net
