By Oliver Sild, the co-founder and CEO of Patchstack
Web applications today are built with heavy use of open-source code – almost all of which is put together by large communities of independent software developers. In fact, you can find open-source projects for almost everything.
These communities behind open source are powerful. They maintain and develop software that many of us use on a daily basis. For example, WordPress.org is an open-source content management system that currently powers around 41% of the websites online.
The amount of code for plugins, extensions, etc. developed by the open-source community is massive. Patchstack believes that providing security at such a scale requires a similar community effort.
Patchstack Red Team – A community of independent security researchers
With more than 60,000 open-source components available just for WordPress alone, it’s clear that solving this problem needs a community effort.
Patchstack launched a gamified bug bounty platform where independent security researchers can report vulnerabilities in open-source web application components such as WordPress plugins and receive scores based on their findings.
Many truly open-source projects make no revenue, but that doesn’t mean they don’t deserve to have their security improved. The scoring system eliminates the problem where only projects that can afford to pay bounties get audited.
Everybody from the ecosystem can contribute
The monthly prize pool for the top security researchers comes together with the support of companies. In fact, anyone who wants to contribute to a more secure web can support the initiative.
Hosting companies that contribute to the Patchstack Red Team will also get API access to the Patchstack Database, which holds information about newly reported vulnerabilities. This allows them to notify customers about new vulnerabilities affecting their websites in near real time.
Meanwhile, companies that build plugins can contribute to the Patchstack Red Team to get their project featured on the platform and therefore get more attention from the community. This allows them to identify more vulnerabilities and fix them faster.
Want to contribute to that initiative? Reach out to firstname.lastname@example.org
Providing protection for 41% of the web
Patchstack is combining the community input with their virtual patching technology to ultimately protect the whole web. They have started by providing protection to those they believe need it the most – WordPress users.
The latest white paper released by Patchstack, “Security vulnerabilities of WordPress ecosystem in 2020”, revealed that 96.2% of vulnerabilities in the WordPress ecosystem originate from third-party plugins and themes.
The Patchstack SaaS application allows developers to automatically identify and patch vulnerable code on their websites. Thanks to the Patchstack Red Team community, the Patchstack SaaS application can identify and patch such vulnerabilities before the competition.
Patchstack Database – Giving back to the community
Patchstack as a company values transparency, integrity, and community. For that reason, the company made a promise early on to keep its security information freely accessible to the public.
Developers, researchers, and really anyone who is interested can find the latest vulnerabilities through Patchstack Database. The database includes hand-curated and enriched information about every WordPress core, plugin, and theme vulnerability.
About the Author
Oliver Sild, the founder and CEO of Patchstack, is an Estonian cyber security entrepreneur who has been actively giving back to the community through its NGO by organising hacking competitions and cyber security events and running a hackerspace in Pärnu, Estonia.