Business Roundup Week Ending September 20
September 20, 2024
Written By Nathan Ingram
Patchstack’s new VDP Platform for plugin developers aims to streamline vulnerability management.
The platform offers developers a central dashboard for an overview of all current and past issues.
Each plugin has its own dedicated VDP page where issues can be securely reported then validated by Patchstack.
The VDP will also help developers comply with the EU’s new Cyber Resilience Act.
Patchstack is now the leading WordPress vulnerability intelligence provider and the #1 most active CVE naming authority in the world.
Google’s AI Overviews Have Significantly Improved
Google’s AI Overviews now cite sources that match the top 10 organic search results 99.5% of the time (up from 6.2% in January).
This significant improvement suggests Google may be incorporating traditional search ranking signals into its Gemini AI model for Overviews.
The top 3 ranking results are cited in AI Overviews almost 80% of the time, with the top position featured 50% of the time.
This addresses previous concerns about Overviews citing less authoritative or trustworthy sources.
This may mean that optimizing for AI Overviews now largely rests on the same strategies used for traditional rankings.
Read more in this article from Search Engine Journal.
California Mandates AI Content Watermarking
On August 29, the California legislature passed a bill that mandates watermarks on AI-generated content to fight misinformation.
The bill is supported by major AI companies like OpenAI, Adobe, and Microsoft.
The bill is currently awaiting the California Governor’s signature.
If passed, it could set a national legal precedent for AI content regulation.
However, permanently watermarking AI content is a technical feat that has not yet been reliably accomplished.
Read more in this TechCrunch article (and hat tip to the featured image on this article from The Verge).
Worth a Look
It’s unclear why you are saying that Patchstack’s VDP Platform is new. It has been around for quite a while. It is also well known to not be working well. For example, just over a year ago we wrote about how a plugin in the program hadn’t actually fixed a vulnerability and Patchstack didn’t catch that: https://www.pluginvulnerabilities.com/2023/09/08/plugin-that-is-part-of-patchstacks-vulnerability-disclosure-program-vdp-still-contains-publicly-disclosed-sql-injection-issue/
Many of the “vulnerabilities” that Patchstack takes credit for are not really vulnerabilities, so the percentage cited is probably way off. But it is a big concern that many claimed vulnerabilities are being reported to a company selling access to information about vulnerabilities instead of directly to the developers. As the CEO of Patchstack has said, it isn’t ethical to be reporting vulnerabilities to someone other than the developer.