22 WordPress developers and security specialists gathered at the Miami Marriott Biscayne Bay on November 4, 2025, for the CloudFest USA Hackathon. In one day of focused collaboration, they tackled an important challenge in the ecosystem: keeping federated and independent repositories secure and reliable.
The result was the FAIR Software Security Assistant, an open-source tool designed to support hosting providers and site owners in managing WordPress security more efficiently.
Hackathon Objectives and Team Efforts
As Carolie Olinger noted, the hackathon focused on linking Patchstack’s CVE API with the FAIR network to strengthen security workflows. “The mission was ambitious yet focused: create an integration between Patchstack’s comprehensive CVE (Common Vulnerabilities and Exposures) API and the FAIR (Federated and Independent Repositories) network.”
The goal was to automatically identify vulnerable packages and prevent the installation of those with serious security vulnerabilities: “The goal? Build a system that could automatically label vulnerable packages and prevent the installation of those with critical security issues.”
Carolie highlighted that the project also puts vital security insights directly into users’ hands: “This integration addresses a fundamental weakness in the WordPress ecosystem. With 96% of WordPress vulnerabilities stemming from third-party plugins and themes*, the project aimed to put crucial security information directly in the hands of those who need it most.”
Participants were organized into four teams, each focusing on a different aspect: “Four main teams tackled distinct components—the policy engine, backend API integration, and frontend UX design—while a fourth “floating” team provided support wherever needed.”

Carolie noted that by day’s end, teams delivered proof-of-concept results including UX mockups showing actionable security insights, API checks that successfully queried Patchstack’s vulnerability database to pull real-time vulnerability data, and a policy engine.
The policy engine emerged as a standout achievement: “The policy engine emerged as a particular triumph. It was the least defined component going into the hackathon, yet it became one of the most complete deliverables—a testament to the team’s creativity and problem-solving abilities.”
FAIR Security Assistant: From Concept to Prototype

The hackathon resulted in a prototype of the FAIR Software Security Assistant, a smart automation tool that tracks updates in FAIR repositories, checks them against Patchstack for vulnerabilities in real time, enforces custom hosting rules, produces compliance logs, integrates with provider dashboards, and allows providers to review and override actions if needed.
Carolie stated that the tool shifts security management from reactive to proactive, helping providers maintain consistent security standards without a central authority: “This tool transforms security management from a reactive scramble to a proactive, automated process—addressing the critical question many providers face: How to maintain consistent security standards in the absence of a central authority to enforce them.”
She also highlighted that the collaboration strengthens the WordPress ecosystem by blocking vulnerable packages, sending real-time alerts, allowing customizable security rules, and improving supply chain transparency.
She added that for hosting providers using FAIR repositories, the tool turns security from a manual task into an automated, policy-driven process. “For hosting providers adopting FAIR repositories, this tool transforms security management from a manual burden into an automated advantage. It demonstrates that federated architecture doesn’t mean sacrificing security—instead, it enables superior security controls with granular policy enforcement.”
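The label, block, override and compliance-log flow described above, sketched as an added example; it is not code from the FAIR or Patchstack projects. The `Policy` fields, the advisory record shape and the package names are assumptions constructed for illustration, and no real API is called.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Policy:
    """Hypothetical per-provider rules; the field names are assumptions."""
    block_at: str = "critical"   # refuse installation at or above this severity
    label_at: str = "low"        # attach a warning label at or above this severity
    overrides: dict = field(default_factory=dict)  # package -> reviewer's reason

def _ver(v):  # '2.4.1' -> (2, 4, 1), assuming dotted numeric versions
    return tuple(int(p) for p in v.split("."))

def evaluate(package, version, advisories, policy, log):
    """Return 'allow', 'label' or 'block' and append one compliance-log entry."""
    # An advisory applies while it has no fix or the fix is newer than this version.
    hits = [a for a in advisories if a["package"] == package
            and (a["fixed_in"] is None or _ver(version) < _ver(a["fixed_in"]))]
    worst = max((a["severity"] for a in hits), key=RANK.get, default="none")
    if RANK[worst] >= RANK[policy.block_at]:
        decision = "block"
    elif RANK[worst] >= RANK[policy.label_at]:
        decision = "label"
    else:
        decision = "allow"
    # A provider override downgrades a block to a label, and the reason is logged.
    reason = policy.overrides.get(package)
    if decision == "block" and reason:
        decision = "label"
    else:
        reason = None
    log.append({"time": datetime.now(timezone.utc).isoformat(), "package": package,
                "version": version, "worst": worst, "decision": decision,
                "override": reason})
    return decision

# Constructed advisory records (not real Patchstack data or its response format).
ADVISORIES = [
    {"package": "example-forms", "severity": "critical", "fixed_in": "2.4.1"},
    {"package": "example-gallery", "severity": "medium", "fixed_in": None},
    {"package": "example-cache", "severity": "critical", "fixed_in": None},
]

if __name__ == "__main__":
    audit, policy = [], Policy(overrides={"example-cache": "reviewed by ops"})
    for pkg, ver in [("example-forms", "2.4.0"), ("example-cache", "3.2.0")]:
        print(pkg, ver, evaluate(pkg, ver, ADVISORIES, policy, audit))
```

Because every decision, including an overridden block, lands in the log with its worst severity and the reviewer's reason, the audit trail shows where a provider accepted a known risk.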
An added benefit of the hackathon was a Starter GitHub Repository, initially created to help participants set up quickly, now serving as a permanent resource to make it easier for future FAIR contributors to get started.
The hackathon’s results mark the start of an ongoing collaboration, with FAIR and Patchstack set to expand the system’s capabilities. Plans include incorporating the labeling system and third-party moderation integration into future FAIR software releases.