Google will inform webmasters about their vulnerable software

As announced earlier Google will soon start to inform webmasters if they’re running out-of-date or vulnerable software. All webmasters registered with the Google Webmaster Tools will soon get notifications in case of using outdated software. Google is trying to achieve this by parsing the HTML code of the website, especially the generator meta tag. Quoting the Google Webmaster Central Blog:

One of the ways we identify sites to notify is by parsing source code of web pages that we crawl. For example, WordPress and other CMS applications include a generator meta tag that specifies the version number. This has proven to be tremendously helpful in our efforts to notify webmasters. So if you’re a software developer, and would like us to help you notify your users about newer versions of your software, a great way to start would be to include a generator meta tag that tells the version number of your software. If you’re a plugin or a widget developer, including a version number in the source you provide to your users is a great way to help too.

If you’re using (open-source) software that is writing a generator meta tag including its name and version into the HTML code, then you’re likely to get notifications by Google if this piece of code is outdated. I think this is a good thing and it won’t cost Google that much computing power as they are already parsing the source code of the site anyway. On the other hand i am not fond of software that is giving away too much information about itself. I am still a fan of security by obfuscation – as long as this is not the only line of defense.