[VIM] Joomla! developer: Being "The Vendor" for Security Issues

Steven M. Christey coley at linus.mitre.org
Sun Sep 6 22:45:13 UTC 2009


This is basically a commentary on typical VDB practices shared by most of
us.  The Joomla!  folks have a couple solid points, especially on proper
distinction of third-party extensions from core, and their desire for
accuracy.

http://community.joomla.org/blogs/community/1029-on-being-qthe-vendorq.html

I'm thinking on a constructive response.  The apparent practice of
removing vulnerable extensions from their directory is probably adversely
affecting all of us - certainly CVE, who tries to verify that an extension
is not just site-specific before we create an entry.

I ran across this while trying to track down the 1,768th Aria/S at BUN
posting of questionable utility from 2008.

- Steve


More information about the VIM mailing list