A few years ago, I was working on a WordPress theme that had some really cool features (if I can say that without sounding as if I’m bragging). The features were brainstormed by a team and gathered through feedback from a number of customers and users, and all were implemented over a long period of time.
When the time came to actually release the theme, it proved to be worth it – it was well-received.
As with any product, we then went into maintenance mode doing the usual round of fielding bug reports, feature requests, and so on, and then continued maintaining the product with periodic releases in order to provide bug fixes, minor feature updates, and so on.
Generally speaking, it was great. There was a lot to be proud of and things were going well.
But, as with anything, things couldn’t continue on the up and up forever and during one of the releases, I neglected to remove a line of code that was intended only for the development environment.
We shipped it.
And it negatively affected all of the customers who applied the update.
A Lack of Integrity? (Let’s Fix This)
Immediately, there was a sinking feeling in the pit of my stomach. I’d like to think that anyone who really cares about the things they’re building, who cares about their customers, and who cares about trying to continually improve the product(s) they are releasing knows this feeling.
To make the situation even more complicated, and as is the nature of maintaining something that runs, you know, on the Internet, it didn’t take long before someone caught on to the problem.
Honestly, this isn’t a bad thing. We want feedback, right? And we want to provide updates and fixes as soon as possible.
To be clear, that wasn’t a type of vulnerability or anything that would compromise their WordPress installation, but it was something that would negatively impact the SEO of their site. For some, this wasn’t a big deal – especially if they were a new customer – for others, this was a major deal because their blog had been established for a while.
Luckily, a customer reported the bug to us and we had it patched and updated within hours (and by hours, I mean within four hours). But the news also found its way to another very popular blogger who decided that it would make good fodder for a story.
And who can argue with that? If you’re into spreading bad news about other people in your industry, then it makes total sense to follow the story.
The Two Types of People
I could be over-generalizing with this next bit, but it seems to me that when it comes to something like this, there are generally two ways in which people will proceed:
- Some people will report the bug and give you n-number of hours to apply a fix before taking the story to someone with a larger audience. If you end up patching the problem within the allotted time, you’re normally clear.
- Others will report the bug to you as well as to others who are likely going to run a story. If you’re lucky, you can get things fixed and then the story is moot. If, on the other hand, the story gets picked up while you’re working on the fix, then there’s little to do. The story begins to snowball and it goes from there.
Personally, I’d much rather be the first type of person. I’d like to believe that most of us would. Unfortunately, I don’t know if many people want to act that way or not; however, I’ve witnessed firsthand – numerous times, both in this story and in others that aren’t directly related to me – cases where people seem to enjoy being the second type of person.
Perhaps the most irritating thing about that, though, is they’ll present themselves as professionals who respect their competition and want to take care of their customers though their actions will speak directly in contrast to that.
And that’s exactly what happened.
We provided a fix, ended up having to make a statement, and went into full damage control for the sake of something that could have been fixed and distributed in less than a work day had the preferred protocol just been followed.
But “preferred” is subjective.
And Then The Plot Twist
If this is an ongoing story, wouldn’t a fantastic plot twist be to say that the person who was antagonizing us ultimately came under fire for something that was far more serious than what they chastised us for, and that was far more detrimental to the security of their customers’ installations?
There’s a level of poetic justice in that, isn’t there?
But the true measure of determining just how professional you really are is how you react in situations like that. That is, it’s in how you react to those who have once spat in your face.
Watching a story crop up all over the place and watching certain criticisms fly and negativity abound, you would expect, feels good.
But does it, really?
After all, if that’s how I was going to feel and how I was going to react, then what would make me any more professional than the second type of personality – the person who is now the victim – that I mentioned above?
Are We Better Than This?
So where am I going with all of this?
We, as the WordPress development community, do a pretty good job of sharing the work that our peers are doing. There is fair reporting, a high number of retweets, and generally good, respectable discussion that all go around things that are released.
Not always, though.
To me, when it comes to security issues, it would seem that the standard protocol of operation would be to first give the developers a heads up so that they can roll out a patch.
If they opt not to patch the problem, then bring it to large blogs, publications, and security professionals who can help customers fix the problems that the developers failed to fix.
It’s not so much about throwing developers or companies under the bus, but it’s about protecting the people who are running the vulnerable software. Then it’s about figuring out why the developers responsible for the problem were lax on fixing the problem.
On Pessimism and Improvement
As much as I’d love for that to be the protocol, I think that there’s currently more evidence that points to the contrary. In fact, I’ll go as far as to say that for as much positivity that exists within the community, it’s counter-balanced by the infestation of people who are looking to disrespect and throw others under the bus before actually helping customers.
And that’s where it sucks. It ends up looking more like a glorified rumor mill than an industry that aims to democratize publishing and look out for the customers above anything else.
But I’m pessimistic. I don’t think things will change. I think it will always remain this way; however, I do think that some people and publications are above board when it comes to things like this. I know that this is how I want to conduct both myself and my company.
And as much pessimism as I have, maybe this will resonate a little bit with you and we can raise the bar of integrity of our industry just a little bit.