Posted January 19, 2009
When IPB 2.x was released there were lots of security flaws exploited on boards. As a result IPB had a major push to close any and all "holes" including a third-party security audit of the code base. With IPB 3.x the code base is in many ways "all new" so there may certainly be the potential for the same thing to happen again (security holes that developers did not catch). My question is if there will be a third party audit to help close them? I thought this was an excellent decision previously and as an end-user this made me feel very confident that IPB took things seriously.... and the result was also that hacked IPB installs fell off tremendously.
January 19, 2009
We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :) One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)
January 20, 2009
[quote]We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :) One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)[/quote]
Good news :thumbsup:
January 21, 2009
Ah, you are giving me too much credit, those XSS issues were from users on the site I admin. Worst that I have found was the captcha ######up.
January 21, 2009
[quote]We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code.[/quote]
January 21, 2009
[quote]We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code.[/quote]
[b]EDIT:[/b] lol, posted with Brandon D :P