WordPress 3.0.2, the first mandatory security update in quite a while, was released not too long ago. The update patched an exploit which allowed an Author-level users to gain access to the site well above their user level, but the real story here is the overall efficiency of the volunteer developers.
With a team unpaid volunteers keeping WordPress in tip-top shape, you might be surprised to hear that this particular update went from initial disclosure of the exploit to final release in no more than four hours! That particular time frame is almost unheard of, even amongst commercial projects.
To further sweeten the pot, the VaultPress team automatically pushed a hotfix the next day to all VaultPress-enabled blogs, ensuring that all VaultPress users were protected from the exploit, even if they had not had a chance to apply the 3.0.2 update.
With such an efficient team of volunteer developers, and an easy to use automated update system that’ll have you on the latest version in a matter of seconds, WordPress security exploits may start to become less of a concern for a community of millions of avid bloggers.