Troubles with hackers in the open-source community happen on a regular basis, but this time the software affected was WordPress, which has, without any doubt, the biggest blogging base on the net. This time, a hacker managed to alter the source available for download, which people all over the net downloaded last week, so that it included some back doors and stuff like that.
Whatever the facts are, the most important point about this attack is very clear – such a thing would hardly ever have happened to a closed-source program. First of all, only in an open-source project is it possible for someone completely unknown to contribute to the software development directly, without strong control. Secondly, someone who is working for a firm will face some serious legal difficulties: based on the contract, the firm will most probably sue “the contributor”, and hence he won’t be able to find any reasonable job in our industry. In open source, however, you are just an email address registered somewhere at a free email service, like Google or Hotmail.
I think that the open-source community should use this chance and this lesson to learn and improve its security system. Previously, I have praised the WordPress developers a lot, and I still do; such a thing could have happened to any popular open-source project. Now the most important thing is to implement a system which would protect users from such attacks, increasing the security of contributed code and increasing the difficulty of such an attack happening again. But I don’t believe in any real measure which would eliminate such threats altogether, since the open-source idea is based on trust and willingness to help, which sometimes is just a wish to harm.