Mustlive wrote up a good overview on the end of the Month of Search Engine Bugs. Over 100 bugs were found, and fewer than half were fixed by the companies in question. That’s not exactly a great track record, but in some cases it’s only been a few days. One thing I thought was interesting was that only two companies wrote to thank Mustlive for finding the bugs. One could argue that they don’t see this as a service, and more of an annoyance than anything, but especially in the case of the community sites, it’s better if whitehats find the bugs than people who use them maliciously.
Now about the sites not fixing the holes. One thing I’d like to make clear from lots of personal experience is that it takes time to fix holes. No matter how big or small, it cannot be done instantly. Even with the most agile sites, you still have to a) know about the hole, b) make the change, and c) test the change. In large sites it can take weeks to go through that process, and sometimes even longer. One of the best examples of that is publicly traded companies that do the bulk of their business through their websites. Sites like this often have quiet periods and aren’t allowed to make changes to their platform because it risks the stability of the sites during the busy season. So 40% of sites fixing these problems might sound appalling, but sometimes there is a lot more than meets the eye. However, perhaps it’s time to change the status quo.