21 Dec 2021

Patchstack Continues to Overstate Size of Their Database Despite Dropping Claimed Size for 2021 by 35%

Last month we noted that a couple of WordPress news outlets had repeated what appear to be clearly false claims made by the WordPress security provider Patchstack. It should go without saying that a security company that isn’t honest is a big deal. We have since run across a further claim from Patchstack that contradicts their previous claim, while still appearing to be false.

On November 5, the WP Tavern ran a story by Justin Tadlock that included this claim about the number of vulnerabilities in Patchstack’s database for this year: [Read more]

29 Nov 2021

WP Tavern’s Justin Tadlock Won’t Address Lack of Due Diligence With False Claims from Patchstack

Earlier this year we ran across claims from the web security company Patchstack that a bug bounty program they were running, which they were misleadingly marketing as a “red team”, was finding an extraordinary number of vulnerabilities in WordPress plugins.

In May, for example, they claimed that 292 vulnerabilities had been found, with one submitter finding 149 vulnerabilities and another finding 101. Both the total and the individual numbers sounded hard to believe based on our experience, both in collecting data on vulnerabilities in WordPress plugins and in discovering vulnerabilities ourselves. [Read more]
In May, for example, they claimed that there were 292 vulnerabilities found and that one of the submitter found 149 vulnerabilities and another found 101 vulnerabilities. Both the total and individual numbers sounded hard to believe based on our experience, both collecting up data on vulnerabilities in WordPress plugins and discovering vulnerabilities. [Read more]