Who Is to Blame for Vulnerabilities? | Alaudae.JP

Every time a vulnerability is found in Joomla, I see the same debate: who is responsible? Some blame the developers, others say the community reacts too slowly.

My answer is simple. The responsibility lies with the site operator. In other words, with you and me.

Why? Because it was the operator who decided to use Joomla, knowing both its strengths and its weaknesses. When you choose a CMS, you research its characteristics and compare it with other systems. "I had no idea it had vulnerabilities" is not a valid excuse. That flaws are found in software over time is something you should have understood from day one.

One more thing. As with most services on the internet, the final responsibility rests with the user. We all accepted that when we started. Asking "who is responsible?" only after a problem appears makes no sense.

Of course, there is an exception: the case where Joomla itself or a third-party product contained malicious code planted from the start. But hardly any developer would deliberately destroy their own reputation and livelihood, so the likelihood of this is extremely low.

You might ask, "Then where can I find a completely safe website?" The answer is that no such site exists. The reason is simple: everything made by humans contains flaws. Even so, people keep compensating for those flaws and keep building better things. As long as malicious attackers exist, this battle will continue forever.

So the conclusion is clear. If you want to keep running your website, and if you do not want to live in fear every time vulnerability news breaks, stick to the following:

  • Keep the core and all extensions on the latest version at all times
  • Do not install code or third-party products you do not need. Remove what you no longer use
  • Understand that updating is not something someone else will do for you. It is work the operator must keep doing

This is the most reliable defense available to a site operator.