Zerodayscan and Drupal: finding bugs for fame

If you use Drupal or are considering using Zerodayscan, please read Heine Deelstra's post about Zerodayscan.

As a Drupal user, you should feel confident that Drupal's belief in "secure by default" doesn't override the goal of creating easy-to-use sites by default. It is often a balance between the two, and in this case Drupal is choosing to be more usable rather than more secure.

If you are thinking of using Zerodayscan, consider the "research" they are doing and the way they promote the "vulnerabilities" that they find. There are better security products out there...


Avoid like the plague is a phishing site that attempts to compromise websites via JavaScript injection.