After realizing it was going to take a lot of “paul-hours” to fix it, I decided to kill 1.0 and transition to WordPress.com, a hosted service.  So here I am…  Friendly advice:  If you are not committed to keeping your WordPress install and server well-maintained, you might want to do the same.  The transition is quite simple compared to the remediation of an infected blog.

In the past six  months I have had a number of experiences at UT Austin — working with our world-class crack security team — that raised my level of awareness on security threats and risks.  At UT we get attacked 24/7 by some high-profile, highly-skilled black hats who want our research data.  So we don’t put new applications into production without testing them hard with tools like  appscan and working with software vendors to close the gaps.

I’ve learned of a few situations where major brands are using software with vulnerabilities!  I’m not sure why they are accepting the risk.  They may not know about it.  Or they convinced themselves the risk is low.  One good attack will change their mindset.

Security risks are only increasing so make sure you have your eyes open before launching major digital or social media platforms.  That means:  1)  Working with security experts to test for vulnerabilities;  2)  Working with the software vendor to close high-risk/high-impact vulnerabilities;  3)  Testing the software AGAIN to make sure the gaps are closed and the fixes are pushed to your version of the software.

Trust me, I’ve worked with IT security experts who love to chase “boogie men.”  But secure social media applications are vital to the social enterprise and its success.  Find a security expert you trust and make sure you can look your CEO in the eye and say “there are minimal security risks associated with this initiative.”  Then you are good to go.