Jamersan | Magento and BigCommerce Elite Partner Agency

The State of the Magento Community and the Bug Bounty Program

Jamersan’s CEO TJ Gamble hosted a live stream with Talesh Seeparsan and Ben Marks to discuss the changes to the Magento Bug Bounty Program and the state of the Magento community generally. Here is a highlight of the live stream and you can also watch the entire video here.

Talesh begins the conversation by explaining that the Magento Bug Bounty Program is an incentive for ethical hackers to report bugs to Magento. This differs from a vulnerability disclosure strategy. Ben adds it’s essential to encourage healthy attitudes around people doing things like this with open source software.

TJ brings up the recent Twitter controversy on September 13 regarding rumors about Adobe cancelling the Bug Bounty Program. Ben says that a Twitter user noticed that the public Bug Bounty Program had ended but that the vulnerability disclosure program was implemented, which led to user concern since it wasn’t officially announced.

TJ asks why some of the more involved developers weren’t given prior notification, to which Ben notes he thought they would’ve been informed.Talesh adds that Hacker 1 is seen to be a bigger program, but that the announcement wasn’t clear. Regarding payment for the bugs, he sees that incentivizing the community to test the system is a good thing. Ben confirms that Adobe will continue to incentivize for bugs and reiterated the importance of having an involved community

TJ brings up people’s concerns that Magento was a smaller company and is now part of the larger Adobe world, leading to fears that Abode isn’t going to listen to the community. Ben mentions that overall the transition has been fairly smooth and he feels that Adobe is very supportive of the Magento community. Talesh says that, as a community member, he doesn’t feel that the change to Hacker 1 was well thought out. He thinks that Adobe doesn’t have the awareness of the importance of the Bug Bounty Program to the community

In response to TJ’s question on Matt Asay’s involvement in the Magento community, Ben says that after the acquisition announcement, Matt addressed many of the community’s concerns. He says that Matt has a solid background in the open source software world and there is a large team at Adobe focused on open source. He knows that Matt is excited about the Magento community involvement.

TJ asks a question from Twitter about the Magento 1 end of life, noting that there is a good amount of time to make the change. He believes that if you are wanting to move to Magento 2, it makes sense to make the move earlier so you have a choice of hosting. Talesh thinks it is risky to stay with Magento 1 after June of 2020 since there won’t be security patches. He thinks merchants will have to switch after that date because of the risks.

In response to a question on whether Adobe will make changes to Magento to gain a larger market share, Ben says that Adobe focuses on making Magento a broadly applicable platform. They want Magento to be a one stop solution for merchants.

TJ asks Talesh where he thinks Adobe is going to try to take Magento. Talesh doesn’t think that Magento Commerce or Open Source will be modified to make them easier for smaller merchants. He doesn’t think that Magento will simplify Magento. TJ adds his belief that Adobe is going to push more cloud based technology at a cheaper price point, with modularizing more of the functionality. He speculates that this way, each merchant can pay for just what they want or need. Ben notes that he doesn’t have any current insider knowledge, but can see those predictions being plausible.

TJ notes that Magento 1 doesn’t need some of the same technical sophistication, so that if the barrier to entry is now higher, this may discourage developers from using Magento. Talesh has seen a faster evolution of developer skill sets.

TJ asks Talesh about social media negativity in the Magento community, who notes there are a few issues. With regard to the Twitter conversations surrounding the Bug Bounty Program, he says that he needed to remind himself to not get too negative. He notes having a  microscopic view on this topic and needing instead to take a broader view. Another issue he sees in the community is about being spoiled with having had a history of access to Magento employees and feeling a sense of entitlement. TJ adds that the Twitter outrage on Bug Bounty led to Adobe addressing the issue, so that adds to some of the encouragement of social media negativity.

TJ addresses a chat comment about how since agencies sell Magento, they feel responsible to speak up about issues. TJ agrees that it is a good thing to have the community share their concerns, but is worried about the negative comments online. In response, Ben shares that he wants community members to feel respected and heard. He adds that Matt Asay had mentioned not wanting the community to think the worst. He recommends that members take a breath before sharing something on social media that is possibly caustic. Talesh agrees to take a positive approach regarding the community. Ben notes again that there is so much that is done well that doesn’t get discussed, but that they still want to hear about community concerns.

TJ agrees with the chat conversation that criticism isn’t always negative. He generally agrees with the criticism, but not always with the doomsday attitude on Twitter, so he wonders if Twitter is the best platform.

Ben agrees that people criticize because they care. He thinks it would be more concerning if people were quiet. He doesn’t think Twitter is the only platform for community exchange and there are other platforms out there, including Adobe polling the community. He shares that he will keep interacting with the community online.

Regarding muting handles, Ben notes he has previously had to mute people on Twitter, not necessarily from the Magento community. When he’s had issues in the past, he has reached out to individuals about their behavior or has directly muted people if necessary. TJ agrees that muting or blocking people isn’t beneficial to the community, but sometimes it can be helpful if the conversation goes overly negative.

Listen to the entire conversation here and subscribe to the eCommerceAholic Youtube channel. On the go? Listen to our podcast for the latest episodes. Let us know your thoughts in the comments or tweet us @eCommerceAholic #eCommerceAholic.  

Our Leadership

TJ Gamble

CEO

Shane Rodgers

Director, Operations

Alex Schreck

Director, Sales & Partnerships

Dave Christy BigCommerce & Adobe Expert

Dave Christy

Director, Delivery