Blog posts by Duncan Stuart

  • 6 years, 4 job titles, 3 offices, 1 great company

    Six years is an unusual amount of time to spend working for the same company these days – more so when that company works with technology. The thing is, my time at dxw has really been like working for a number of different companies. These days we have a well-developed recruitment process involving an application […]

  • Cyber UK 2017 Conference – Part 2: Embedding security expertise in the delivery team

    In my first blog post about the Cyber UK conference, I talked about the first big idea which resonated with me: that security is everyone’s responsibility and there’s little value in punishing individuals for any failures. So how do you start to implement this in practice? The second big idea from the conference was that […]

  • Cyber UK 2017 Conference – Part 1: Security is a team sport

    Earlier this month Harry and I attended the second edition of the Cyber UK conference  in Liverpool, hosted by the National Cyber Security Centre (NCSC) ( Across three days of talks, workshops, networking, and hacking challenges (which we won!) we heard a lot of ideas and opinions about the state of information security in the […]

  • Trends in WordPress plugin security

    Most of my time recently has involved working with WordPress plugin security. In a previous post I talked about some of the vulnerabilities which the dxw Security team have discovered and recently published. One of my other responsibilities is monitoring lots of feeds for plugin security vulnerabilities reported by other people and adding them to […]

  • Some WordPress Plugin vulnerabilities we’ve published recently

    Most of my time recently has involved working with WordPress plugin security and I’d like to have a look at some of the security issues and themes which I’ve come across recently: One of my day-to-day responsibilities is managing the quality assurance and reporting of security vulnerability reports which we produce as a result of […]

  • Hello MongooseWP

    We have recently launched MongooseWP – an email subscription service to alert website developers to security vulnerabilities in WordPress plugins. It’s unfortunately very common for WordPress plugins to have vulnerabilities. As part of our managed hosting service we review plugins for security issues. We’ve found that over half of the plugins we’ve tested to date contain serious security vulnerabilities. Most vulnerabilities […]