Do you know Patchstack? You should! Patchstack (formerly WebARX) is a cybersecurity company with a unique approach: it connects bug bounties and community-driven security research with virtual patching technology, with the goal of making the web a safer place for everyone.
Patchstack maintains a public WordPress vulnerability database that provides the information we need about WordPress vulnerabilities, and they can even patch those vulnerabilities virtually (meaning your files are left untouched, so you can keep using versioning!).
SecuPress is building a strong partnership with Patchstack, which is why you will find their services in an upcoming SecuPress version.
PS: no, this is not a sponsored post; there is no such thing on this blog.
At Patchstack, they think that vulnerability reports should be public and freely available. To really make the web more secure, they can't keep the information about threats to themselves, as others might.
With their vulnerability database, everyone can now get the latest daily information about WordPress core, theme and plugin security issues. They aggregate their own research, vulnerabilities found elsewhere, and those reported by their Red Team.
Check their PDF, "Security vulnerabilities of the WordPress ecosystem in 2020" by Oliver Sild, Founder and CEO of Patchstack (April 2021). These are real stats from their own work; few companies publish that kind of white paper, which is a very good initiative.
Imagine that your website has 1,000 security researchers making sure it’s secure and safe for everyone. It may sound crazy, but Patchstack makes it possible.
The Patchstack Red Team is a community of independent security researchers who contribute as volunteers to build a safer web with love because they care about WordPress and its users.
And you know what? I, Julio Potier, am now part of this Red Team and happy to be. I will now report all my findings to Patchstack. Other services, feeds or curators will have to come to Patchstack to find the new stuff every day, and that's a good thing for you, for everyone.
When a security researcher (even if it's not their main job; they could just be a WP/PHP dev) finds a vulnerability, they can report it to Patchstack and be rewarded for it, even for small plugins, even for free plugins from the WordPress repository. The more you report, the more points you earn, depending on the security score, the number of installations, etc.
Then you can enter the prize pool to try to get a share of the cake; for example, here is the prize pool blog post for May 2021: https://patchstack.com/patchstack-read-team-pool-increased-1300-usd/.
Usually, only premium plugins could pay a bounty, like the one I got last month on iThemes Security for the bypass vuln, but now, thanks to Patchstack, every plugin can be a source of bounty: free, freemium or premium only, from almost anywhere: the WP repo, ThemeForest, CodeCanyon, etc. (not your custom ones, of course).
Patch your stack with Patchstack!
Because there is "patch" in Patchstack. Their main focus is to detect the building blocks your websites are made of (core, plugins, themes) and to identify potential vulnerabilities within each component.
When a vulnerability is detected, Patchstack security modules ship virtual patches to your websites in near real time, keeping your website safe from potential attacks. Keep in mind that a virtual patch is a mitigation, not a fix: it blocks the known attack path until you can update the vulnerable component.
This is a very good idea and, really, the pricing is more than honest. I really recommend that every webmaster, and every agency with many clients, pay this small fee to be patched right away.
I know that SecuPress could do something like this, but I have to admit, my v0.1 solution would change the files and only work for the WordPress repo, so thanks, Patchstack!
Patchstack is an Estonian cybersecurity company. It allows more than 50,000 developers (grown from 10,000 in just 6 months) to detect and patch third-party code vulnerabilities. The company was accelerated by the Cylon cybersecurity startup accelerator in London and has won numerous startup competitions.
Again, SecuPress will benefit from Patchstack's vulnerability database, and every new security issue found in a plugin or theme will be disclosed to Darius at the Patchstack Red Team.