What WordPress is Doing To Keep Your Site Safe
Slides: https://adcwp.me/wcsea2017
Our Goal
Keep WordPress Users Secure
Code Review
Bug Bounty Success
- Increased number of issues reported
- Reporters feel appreciated
- Average bounty – $350
- About $12,000 paid out for valid issues
- Better Tools (as part of HackerOne)
Bug Bounty Struggles
- Only about 16.2% of reports are valid
- High Touch
Automatic Updates are Fast
Tens of thousands of updates a minute
Automatic Updates are Extremely Reliable
More than a 99.9% success rate
Only about a 0.001% failure rate