Regular Code Updates Limit Long-term Hacker Opportunities

Short version: Keep your website up to date — the older your CMS (e.g. WordPress, Drupal, etc.) the more time hackers have to reverse engineer and hack it.

Full disclosure and partial sales pitch: Our monthly maintenance plan includes timely updates to your site’s core software, plugins, and themes. It’s not all we do, but as the following article points out there are benefits beyond having the latest features, bells, and whistles.

Full technical version by ace computer security blogger Bruce Schneier here

Security Vulnerabilities of Legacy Code: An interesting research paper documents a “honeymoon effect” when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It’s a few years old, but I haven’t seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: “Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities,” Annual Computer Security Applications Conference 2010.

Source: Schneier on Security


David Innes,

I've been building and maintaining websites since 1997 and building and supporting similar hypertext-driven software since 1987. I've done maintenance, support, and maintenance for physical and digital systems since 1981. And no, I still haven't seen it all but by now I usually know where to look. More about David Innes...