Would WordPress benefit from public relations messaging around security issues?

After looking at the latest WordPress security report from Patchstack, Rob Howard challenges some of its numbers. He believes core WordPress is more secure than the report indicates. He notes a significant overlooked statistic: “core WordPress vulnerabilities went from 22 in 2020 to just one in 2021.”

Rob also thinks open-source transparency about bugs and security issues “puts us at a bit of a public-relations disadvantage” that ought to be counteracted with positive messaging. No one outside of Shopify and Squarespace knows how many security issues those platforms had in any given year. That may be a competitive advantage in marketing.

This isn't a bad idea:

“It would benefit everyone if we could figure out a better public-relations solution to these announcements. When writers use only raw numbers (millions!) or low-context statistics (150%!), it degrades the WordPress brand for no good reason… we [also] need WordPress security messaging that doesn’t come from people who sell WordPress security software.”

Not a bad idea at all.

What do you think β€” should we spin up the bright side of WordPress security issues? Would it make a difference that matters to market share, brand reputation, the WordPress community and ecosystem, or…?

Similar Posts