On Tue, Oct 30, 2012 at 01:34:07PM -0400, Steven M. Christey
Perhaps the OSS community could borrow an idea from one of the
framework vendors with lots of third-party modules - I forget if
it was Joomla or Drupal - who actively maintained a list of
poorly maintained or obsolete software.
There is at least http://docs.joomla.org/Vulnerable_Extensions_List
and Drupal is coordinating contrib modules too (code reviews,
advisories, etc). I don't know if Joomla security guys handle
vulnerable extensions in some level or not.
- Henri Salo