Every so often I come across a comment on the web about how Movabletype “doesn’t have the security issues” that WordPress does, which really annoys me. No one likes bugs but to be misinformed about security is wrong.
The reality is this couldn’t be further from the truth – Movabletype has had at least three security issues this year but Movabletype is to blame for hiding/lying about the situation with no vulnerability reports and leaving people in the dark until they have a fix. So which is worse, warning people ahead of time there’s a vulnerability and not being petty about how it will make you look – or just not telling the users while the hackers already know how to exploit the problem?
Essentially no one researches Movabletype security vulnerabilities anymore – perhaps the user base has become too small, perhaps hackers aren’t even bothering because they can’t find sites using it worth hacking.
Want proof? It’s simple. Go to any site that tracks security vulnerability announcements. Here’s an example, securnia: Continue reading ‘Movabletype doesn’t report security issues’
Recent Comments