Stay organized with collectionsSave and categorize content based on your preferences.
Friday, November 20, 2009
One of the great things about working at Google is that we get to take advantage of an enormous
amount of computing power to do some really cool things. One idea we tried out was to let
webmasters know about theirpotentially hackable websites.
The initial effort was successful enough that we thought we would take it one step further by
expanding our efforts to cover other types of web applications—for example, more content
management systems (CMSs), forum/bulletin-board applications, stat-trackers, and so on.
This time, however, our goal is not just to isolate vulnerable or hackable software packages, but
to also notify webmasters about newer versions of the software packages or plugins they're running
on their website. For example, there might be aDrupalmoduleorJoomlaextensionupdate available but some folks might not have upgraded. There are a few reasons a webmaster might
not upgrade to the newer version and one of the reasons could be that they just don't know a new
version exists. This is where we think we can help. We hope to let webmasters know about new
versions of their software by sending them a message viaWebmaster Tools.
This way they can make an informed decision about whether or not they would like to upgrade.
One of the ways we identify sites to notify is by parsing source code of web pages that we crawl.
For example, WordPress and other CMS applications include a generatormetatag that specifies the
version number. This has proven to be tremendously helpful in our efforts to notify webmasters.
So if you're a software developer, and would like us to help you notify your users about newer
versions of your software, a great way to start would be to include a generatormetatag that
tells the version number of your software. If you're a plugin or a widget developer, including a
version number in the source you provide to your users is a great way to help too.
We've seen divided opinions over time about whether it's a good security practice to include a
version number in source code, because it lets hackers or worm writers know that the website
might be vulnerable to a particular type of exploit. But asMatt Mullenweg pointed out,
"Where [a worm writer's] 1.0 might have checked for version numbers, 2.0 just tests [a website's]
capabilities...". Meanwhile, the advantage of a version number is that it can help alert site
owners when they need to update their site. In the end, we tend to think that including a version
number can do more good than harm.
We plan to begin sending out the first of these messages soon and hope that webmasters find them
useful! If you have any questions or feedback, you can post in ourforum.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],[],[[["\u003cp\u003eGoogle is expanding its efforts to notify webmasters about outdated software and available updates for their websites, including CMSs, forums, and other web applications.\u003c/p\u003e\n"],["\u003cp\u003eThis initiative aims to inform webmasters about newer versions of their software packages and plugins, helping them make informed decisions about upgrades.\u003c/p\u003e\n"],["\u003cp\u003eGoogle encourages software developers to include a generator \u003ccode\u003emeta\u003c/code\u003e tag specifying the version number in their source code to facilitate these notifications.\u003c/p\u003e\n"],["\u003cp\u003eWhile there are concerns about security risks associated with disclosing version numbers, Google believes the benefits of timely updates outweigh the potential drawbacks.\u003c/p\u003e\n"],["\u003cp\u003eGoogle plans to begin sending out these notifications soon through Webmaster Tools.\u003c/p\u003e\n"]]],["Google aimed to inform webmasters about outdated software on their sites. They expanded their efforts beyond hackable websites to include notifications about newer versions of CMSs, forum applications, and plugins. They identify software versions by parsing website source code, such as the generator `meta` tag. This system alerts webmasters via Webmaster Tools, allowing them to make informed upgrade decisions. The team encourages software developers to include version numbers in their code to facilitate this notification process.\n"],null,["# New software version' notifications for your site\n\n| It's been a while since we published this blog post. Some of the information may be outdated (for example, some images may be missing, and some links may not work anymore).\n\nFriday, November 20, 2009\n\n\nOne of the great things about working at Google is that we get to take advantage of an enormous\namount of computing power to do some really cool things. One idea we tried out was to let\nwebmasters know about their\n[potentially hackable websites](/search/blog/2008/10/message-center-warnings-for-hackable).\nThe initial effort was successful enough that we thought we would take it one step further by\nexpanding our efforts to cover other types of web applications---for example, more content\nmanagement systems (CMSs), forum/bulletin-board applications, stat-trackers, and so on.\n\n\nThis time, however, our goal is not just to isolate vulnerable or hackable software packages, but\nto also notify webmasters about newer versions of the software packages or plugins they're running\non their website. For example, there might be a\n[Drupal](https://drupal.org/)\n[module](https://drupal.org/project/modules)\nor\n[Joomla](https://www.joomla.org/)\n[extension](https://extensions.joomla.org/)\nupdate available but some folks might not have upgraded. There are a few reasons a webmaster might\nnot upgrade to the newer version and one of the reasons could be that they just don't know a new\nversion exists. This is where we think we can help. We hope to let webmasters know about new\nversions of their software by sending them a message via\n[Webmaster Tools](https://search.google.com/search-console).\nThis way they can make an informed decision about whether or not they would like to upgrade.\n\n\nOne of the ways we identify sites to notify is by parsing source code of web pages that we crawl.\nFor example, WordPress and other CMS applications include a generator `meta` tag that specifies the\nversion number. This has proven to be tremendously helpful in our efforts to notify webmasters.\nSo if you're a software developer, and would like us to help you notify your users about newer\nversions of your software, a great way to start would be to include a generator `meta` tag that\ntells the version number of your software. If you're a plugin or a widget developer, including a\nversion number in the source you provide to your users is a great way to help too.\n\n\nWe've seen divided opinions over time about whether it's a good security practice to include a\nversion number in source code, because it lets hackers or worm writers know that the website\nmight be vulnerable to a particular type of exploit. But as\n[Matt Mullenweg pointed out](https://wordpress.org/development/2009/09/keep-wordpress-secure/),\n\"Where \\[a worm writer's\\] 1.0 might have checked for version numbers, 2.0 just tests \\[a website's\\]\ncapabilities...\". Meanwhile, the advantage of a version number is that it can help alert site\nowners when they need to update their site. In the end, we tend to think that including a version\nnumber can do more good than harm.\n\n\nWe plan to begin sending out the first of these messages soon and hope that webmasters find them\nuseful! If you have any questions or feedback, you can post in our\n[forum](https://support.google.com/webmasters/go/community).\n\nPosted by Patrick Chapman, Search Quality Team"]]
