Accolade by Bugtraq?

(March 6, 2005)

Some days ago, when all the phpBB vulnerability messages went through weblogs and other media, I wondered whether our products will ever get mentioned on Bugtraq. I cannot say that I wished to be there because it would tell everyone: Look at them, they write bad and harmful code -- keep your hands off. On the other Hand it would mean that we have reached a critical mass and that it is worth it to take the time, find an exploit and write the e-mail to Bugtraq.

As I wrote yesterday we have "finally" got mentioned on Bugtraq. But unless you are phpBB or someone of the other big players, nothing remarkable happens. There are not hundreds of curious Bugtraq subscribers occuring in order to figure out what that website with that strange name is all about. There were no users that bombarded us with questions for updates etc. We had enough time to figure out and fix that security hole without ruffle.

At the end we have fixed that rather simple bug and released updates within 12 hours. Quite a fast for a Friday evening. Could have been worse.