What WordPress is Doing To Keep Your Site Safe

Slides: https://adcwp.me/wcsea2017

Our Goal

Keep WordPress Users Secure

Code Review

Bug Bounty Program

https://HackerOne.com/WordPress

Bug Bounty Success

  • Increased number of issues reported
  • Reporters feel appreciated
  • Average bounty – $350
  • About $12,000 paid out for valid issues
  • Better Tools (as part of HackerOne)

Bug Bounty Struggles

  • Only about 16.2% of reports are valid
  • High Touch

Relationships

  • Plugin Devs
  • Hosts
  • WAFs

Automatic Updates

Automatic Updates are Fast

Tens of thousands of updates a minute

Automatic Updates are Extremely Reliable

More than a 99.9% success rate

Only about a 0.001% failure rate

Q & A

Aaron D. Campbell – @AaronCampbell
GoDaddy

This presentation is running on WordPress using the Presenter plugin