In the past, whenever we received security related questions and suggestions for Piwik, sent to our security@piwik.org address, we quickly reacted and released a fix in a new Piwik release. However, going forward, we want to be proactive, so we requested a professional and thorough review of our code base.

SektionEins, a leading software security company based in Germany, undertook the professional security review of the Piwik source code. Stefan Esser conducted the audit on the Piwik source code for 5 full days. Stefan then sent us all the details about what could be improved in Piwik regarding security (various recommendations, XSS, etc.). Anthon and Matt from the Piwik team then prepared fixes and improvements following the security audit, which were then released in Piwik 1.1.

We would like to give a huge thanks to SektionEins and Stefan Esser for their work and support to Piwik and the open source community. We are very happy with their service, and can only recommend all other open source projects (and of course any closed source softwares) to contract them for security audits, consulting and/or security training.

We also want to give credit to our sponsors who helped us cover the cost of the review.

You can also learn more about our continuous Security efforts in Piwik.

Piwik 1.1 is rated critical. Please update to Piwik 1.1 now.


Piwik Core Team

Piwik is liberating web analytics by offering an open platform with built-in privacy. Piwik is used on more than 1 million websites worldwide and is translated in 53 languages. The Marketplace enables the community to create innovation in the world of web analytics. Roadmap - Get involved.