The Joomla Project is pleased to introduce a new team focused solely on managing and improving Joomla security—the Joomla Security Strike Team—and their new home at the Joomla Security Center.
The JSST replaces the previous Joomla Security Team by assembling a top-notch group of Joomla experts, complemented by security talent recruited from outside Joomla. Together, part of their goal is to investigate and respond to security matters.
JSST leader Anthony Ferrara is excited about what this means for Joomla security. "We're already well into our first mission—a low-level code audit and a deeper look into every reported vulnerability since 1.5.0 alpha."
The new JSST will call the new Joomla Security Center their home base. The Security Center provides a public presence for security issues and a platform for the JSST to help the general public better understand security and how it relates to Joomla. The Security Center also offers users a clearer understanding of how security issues are handled. There's also a news feed, which provides subscribers an up-to-the-minute notification of security issues as they arise.
"The Joomla Core Team has been planning a new security team for a few months now in order to improve efficiency and effectiveness. The previous team worked in relative isolation, but the new Strike Team will have a strong public-facing presence," said Ferrara.
But the JSST won't stop there. They fully expect the Joomla community to do its part in reporting vulnerabilities and have created a form for such reports. For each verified security issue reported, the JSST will send the user a free Joomla t-shirt.
Ferrara said, "Security is a perpetual process. We're going to make Joomla even better than it already is."
You may have noticed the new look of Joomla.org and it's just the beginning of our new facelift. Not only is it a new and pretty face, but deeper changes as well. Here are just a few of the highlights of the new design overhaul:
- More user-centric design: The top portion of the home page focuses on directing users in Joomla's three primary user groups: Beginner, Intermediate & Advanced. These are three top-level "funnels" for quickly getting users to relevant content.
- Consolidation of resources: As the previous sites grew, the architecture became more convoluted and pages with redundant resources were created or, conversely, related information was strewn across several pages. A consolidation of information should help users more logically find what they need.
- More resources brought up to the home page: The previous home page gave users Joomla news and not much more. The lower portion of the new home page brings forward content from many of Joomla's most important aspects. Repeat visitors can get the latest information from a multitude of sources all at a glance.
- More overall integration: Each of the Joomla sites has differing approaches to resolving unique informational and navigational aspects. When taking into consideration the evolution and overall growth of our group of sites, we have taken a hard look of the complexities and how to resolve those in a manner to give the best user experience.
- Compliance with W3 standards: Joomla template pages validate according to the XHTML 1.0 Transitional standard.
This morning, Joomla.org was defaced a few hours after releasing our new design. This is not a new security issue, but only poor system administration practices on our part. When we updated our Web sites with the Joomla 1.5.6 security fix released yesterday, we simply forgot to update one of our small, non-public development sites.
Now, we could offer many excuses why it was overlooked—we were focused on fixing this vulnerability, creating the packages, and getting the word out. But the truth is, there is no excuse. This is an obvious and sobering reminder to the Joomla Project that staying current with upgrades is the most important step towards protecting your Web site.