By Bob Walsh

Yesterday I got taken to task because I suggested a micro-ISV could build a very profitable business around providing WordPress support, reviews of plugins, and perhaps their own WP plugins.

Today, FrSIRT lists this Security Advisory (Thanks cehwiedel, via Twitter):

“Multiple vulnerabilities have been identified in WordPress, which could be exploited by malicious users to bypass security restrictions or conduct SQL injection attacks.

The first issue is due to an input validation error in the “xmlrpc.php” script that does not validate user-supplied arguments before being used in SQL statements, which could be exploited by malicious users to execute arbitrary SQL queries.

The second issue is due to an access validation error in the “xmlrpc.php” script that does not validate user permissions, which could be exploited by malicious users with contributor privileges and without “publish_posts” permissions to publish certain posts.”

Who the hell has the time to spare to keep up with this crap? This may be a real stop-everything, fix-it-or-die security alert, or a vulnerability on par with me winning the lottery – i.e. exactly zero. I don’t know and I don’t have the time to find out. Hence the need for a micro-ISV who can deliver judgment, concise information, clear instructions and useful coding bits.

Online businesses like blogging are businesses with real needs and the money to fix them. Micro-ISVs should be jumping on this. Here are three Micro-ISV business ideas, if you happen to be looking for the same:

  • WordPress Wizard – see this post and above. I’d pay $30 a year, more, if I could get support when I need it. Yes, there are blogs, for example, , but this is still too much information.
  • Screencast 2.0 – Kind of line – a growing set of Web 2.0 screencasts to help the slightly behind the curve people get into and use the sites we all do (, bootcamp, flickr come to mind).
  • Subversion for Real People – How to install, configure, and remotely back up stuff, not just code. Hook this to S3, show how non-programmers can use Subversion to protect their digital assets, offer really good information on how TSFITs (too small for IT departments) can set up, secure and maintain Subversion.

Now if all these Micro-ISV ideas don’t sound like the desktop software you know and love from Windows 98 – you’re right. It’s software/knowledge as a service, with coding bits mixed in as secret sauce when and where needed. Most of all, it’s addressing unmet needs people have right now that did not exist even a few years ago.

1 Comment

  1. You tell ’em, Bob. I have decades of technical background — but back-to-back-to-back security-related upgrades get old fast if software upgrades are not your interest. I pay an accountant to prepare my taxes (thank you, CP!). I would subscribe to a micro-ISV that provides (quality!) support for the software that I use (e.g., WordPress, Joomla) so I can pay attention to Other Stuff — this from someone who runs a blog with a tagline of “Science, technology & life.” I would like to have time left over for the “& life” part!
