Patchstack Launches Vulnerability Disclosure Program Platform
- Patchstack’s new VDP Platform for plugin developers aims to streamline vulnerability management.
- The platform offers developers a central dashboard for an overview of all current and past issues.
- Each plugin has its own dedicated VDP page where issues can be securely reported then validated by Patchstack.
- The VDP will also help developers comply with the EU’s new Cyber Resilience Act.
- Patchstack is now the leading WordPress vulnerability intelligence provider and the #1 most active CVE naming authority in the world.
- Last year, 73% of all WP plugin vulnerabilities were first reported by Patchstack.
- Patchstack just paid the highest ever bounty for a WordPress vulnerability ($14,400).
Google’s AI Overviews Have Significantly Improved
- Google’s AI Overviews now cite sources that match the top 10 organic search results 99.5% of the time (up from 6.2% in January).
- This significant improvement suggests Google may be incorporating traditional search ranking signals into its Gemini AI model for Overviews.
- The top 3 ranking results are cited in AI Overviews almost 80% of the time, with the top position featured 50% of the time.
- This addresses previous concerns about Overviews citing less authoritative or trustworthy sources.
- This may mean that optimizing for AI Overviews now largely rests on the same strategies used for traditional rankings.
- Read more in this article from Search Engine Journal.
California Mandates AI Content Watermarking
- On August 29, the California legislature passed a bill that mandates watermarks on AI-generated content to fight misinformation.
- The bill is supported by major AI companies like OpenAI, Adobe, and Microsoft.
- The bill is currently awaiting the California Governor’s signature.
- If passed, it could set a national legal precedent for AI content regulation.
- However, permanently watermarking AI content is a technical feat that has not yet been reliably accomplished.
- Read more in this TechCrunch article (and hat tip to the featured image on this article from The Verge).
Worth a Look
- Patchstack has announced $5M in funding and the addition of Joost de Valk to its board.
- SolidWP has released Solid Mail, a re-imagining of the venerable WP-SMTP plugin with a significantly streamlined design and settings panel. The plugin is still free.
- Google has rolled out guidance for dealing with the August Core Update. They recommend avoiding “quick fix” changes, improving low-performing content in meaningful ways, and deleting content only as a last resort.


It’s unclear why you are saying that Patchstack’s VDP Platform is new. It has been around for quite a while. It is also well known to not be working well. For example, just over a year ago we wrote about how a plugin in the program hadn’t actually fixed a vulnerability and Patchstack didn’t catch that: https://www.pluginvulnerabilities.com/2023/09/08/plugin-that-is-part-of-patchstacks-vulnerability-disclosure-program-vdp-still-contains-publicly-disclosed-sql-injection-issue/
Many of the “vulnerabilities” that Patchstack takes credit for are not really vulnerabilities, so the percentage cited is probably way off. But it is a big concern that many claimed vulnerabilities are being reported to a company selling access to information about vulnerabilities instead of directly to the developers. As the CEO of Patchstack has said, it isn’t ethical to be reporting vulnerabilities to someone other than the developer.