Speed Racer Posted January 19, 2009
When IPB 2.x was released there were lots of security flaws exploited on boards. As a result IPB had a major push to close any and all "holes" including a third-party security audit of the code base. With IPB 3.x the code base is in many ways "all new" so there may certainly be the potential for the same thing to happen again (security holes that developers did not catch). My question is if there will be a third party audit to help close them? I thought this was an excellent decision previously and as an end-user this made me feel very confident that IPB took things seriously.... and the result was also that hacked IPB installs fell off tremendously.
bfarber Posted January 19, 2009
We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :) One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)
Speed Racer Posted January 20, 2009
Awesome! Glad to hear that this is being done :).
Axel Wers Posted January 20, 2009
> We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :) One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)

Good news :thumbsup:
henke37 Posted January 21, 2009
Ah, you are giving me too much credit, those XSS issues were from users on the site I admin. Worst that I have found was the captcha ######up.
Brandon D Posted January 21, 2009
> We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code.
teraßyte Posted January 21, 2009
> We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code.

EDIT: lol, posted with Brandon D :P