Automattic takes WordPress security company WPScan under its wing
Although WPScan started out as a simple Ruby script to help identify vulnerabilities in self-hosted WordPress sites back in 2011, over the years its database has become a security tool used across the entire WordPress ecosystem.
Today both security researchers and WordPress communities use WPScan’s database to learn about new vulnerabilities in WordPress themes, WordPress plugins and even WordPress core. Vulnerabilities are sourced from across the web and over the last 10 years, the company has cataloged over 23,000 WordPress vulnerabilities.
In addition to sponsoring WPScan for years, Automattic relies on its vulnerability database to help power Jetpack Scan.
A resource for the WordPress community
Besides creating an outstanding security offering, Automattic’s goal for its acquisition of WPScan is to make malware data and APIs more open source.
At the same time, the company wants to ensure that WPScan remains a high-quality security resource for the entire WordPress community which is why it is exploring ways to make the API completely free for non-commercial sites according to Jetpack Product Engineering Lead at Automattic, Steve Seear.
As part of the acquisition, two of WPScan’s founders, Ryan Dewhurst and Erwan Le Rousseau, will be joining Automattic to continue their work of improving security across the entire WordPress ecosystem. Once the deal has closed, WPScan will continue to operate independently in the near term though it may be integrated into Jetpack Scan in the future.
WPScan founder Ryan Dewhurst explained in a press release how the acquisition will help take WPScan to the next level, saying:
“We’re extremely proud of building WPScan over the last ten years. Automattic has always been a great partner, and we can’t wait to start working more closely together so we can take WPScan to the next level. I’m really excited about working on making our WordPress vulnerability database more open and accessible to the community.”
Go to Source