Shortly after releasing the BlindElephant report at Black Hat USA 2010, we were contacted by the maintainers of phpBB to contest the results we reported in the whitepaper and the slide deck. They informed us specifically of an error in our interpretation of the affected versions and severity of a recent vulnerability. Additional discussion led us to realize that a simplification made to more easily convey the data could be misleading. Hence, we are releasing an updated Version 2 of the whitepaper and slides to clarify these issues.
Updated material includes the following corrections:
Lastly, large-scale tests of BlindElephant provided data on the adoption of various versions of supported applications, and insight into the patch and update behavior of system administrators. We share these results of BlindElephant with the community only to encourage discussion about how these applications are actually deployed and used by websites. This research should not be construed as a recommendation or a criticism of any of the applications discussed.