Hi Seth,
There really isn't time for us to do that, in the context of an
inspection. It's a very light-touch assessment.
When we find vulnerabilities we do also report those, after working
with the vendor. And they are more detailed. For example:
https://security.dxw.com/advisories/moving-any-file-php-user-has-access-to-in-bp-group-documents-1-2-1/
Harry
On 19/02/2014 19:27, Seth Arnold wrote:
That's a very nice summary view, but it'd be more useful in this medium
if you included the lines of code that introduce the vulnerabilities.
Most useful would be to coordinate with authors and MITRE for CVE numbers
for the issues you find to ensure the issues aren't forgotten about or
otherwise ignored.
Thanks
Hello list,
We write and publish light-touch inspections of WordPress plugins that
we do for our clients. They are just a guide - we conduct some basic
checks, not a thorough review.
Would plugins which fail this inspection be of general interest to the
list and therefore worth posting, as we would a vulnerability?
Here's an example report:
https://security.dxw.com/plugins/gd-star-rating-1-9-22/
Grateful for a steer...
Harry