Vulnerable Extensions List Team dealing with all 3rd party developer components, modules, plugins and templates. 
Note due to the sensitive nature of the work, meeting notes will not normally be published.

Parent Team
Extensions Directory Team
Joomler Position Role Date Started
Claire Mandville United Kingdom Team Leader Nov 2014 Phil DeGruy Assistant Team Leader Assistant Lead Nov 2014 Bernard Toplak Croatia Member Helpdesk Coordinator Apr 2015 Fiona Coulter United Kingdom Member Assistant Lead Apr 2015
Joomler Position Role Date Started Date Ended Sander Potjer Netherlands CLT Liaison Nov 2014 Dec 2015

Assistant Lead

Developer Coordinator

Supports developers in getting exploits resolved.

Apply for this role

Exploit Researcher

Locates latest exploits via news feeds and website links

Apply for this role

Extension Tester

Tests Updates against POC A poc tester is expected to be able to do the following. Download a suspected vulnerable extension. Install to the latest version of joomla. Test proof of concept from alerts to confirm or deny vulnerable extensions. They should be able to test all methods of exploit and prepare a summary of findings. Application with full bio/cv please

Apply for this role

Helpdesk Coordinator

Supports developers in getting exploits resolved

Apply for this role

2nd Quater meeting 17

By Claire Mandville on 2017-07-23 19:43 in Vulnerable Extensions List Team

2nd Quater meeting.Discussion and approval on droppping JIRA ticket system.Dissucsion on ongoing recruitment.Discussion on operations team reshuffle and processes.Discussion on interdepartment communication issues.Discussions then fell under NDA.

Read more: 2nd Quater meeting 17

January 2017

By Claire Mandville on 2017-01-13 20:31 in Vulnerable Extensions List Team

Here are the points covered by the VEL team in their recent meeting.Discussion on responsible disclosure and time between fixing, release and notification of patch.  Discusion on recent and active VEL items.Discussion on vulnerable abandon ware listings.Discussion on SOP manual. Discussion on...

Read more: January 2017

Transition Changes and policy

By Claire Mandville on 2016-11-19 00:20 in Vulnerable Extensions List Team

The VEL team in their recent meeting discussed the transition documents and process.  "Mandville" was elected by voting member majority to be the new lead and new roles defined for the current members. New roles for contributors were created.  The API team will be archived and effort...

Read more: Transition Changes and policy

October 2016

By Claire Mandville on 2016-10-23 20:01 in Vulnerable Extensions List Team

Discussion on unreportable items. Discussion on reporting issues with hosting.  Issues with missing reports and contacts from volunteers portal.  Response to recruitment drive  

Read more: October 2016

August meeting notes

By Claire Mandville on 2015-08-13 00:00 in Vulnerable Extensions List Team

August Meeting discussion points. Adding ssl certificate to vel site, showing our reporters that we take security seriously DNS SPF and DKIM records for uplifting security and reliability of our emails VEL internal extension development Update on JIRA integration VEL API - data format...

Read more: August meeting notes

VEL roundtable discussion march 15

By Claire Mandville on 2015-04-01 00:00 in Vulnerable Extensions List Team

In a 2 hour round table discussion, the VEL team discussed the following. 1. meetup at JAB/JWC - For most of the team, our attendance at the JWC/JAB is impractical due to working schedules. Other meetings can be arranged as timings permit.2.  Due to the nature of the workflow, it was decided...

Read more: VEL roundtable discussion march 15

RSS Feed

Please apply for roles at
You can submit Vulnerable Extension List reports by visiting

Please login to contact this Team