When IPB 2.x was released there were lots of security flaws exploited on boards. As a result IPB had a major push to close any and all "holes" including a third-party security audit of the code base.

With IPB 3.x the code base is in many ways "all new" so there may certainly be the potential for the same thing to happen again (security holes that developers did not catch). My question is if there will be a third party audit to help close them? I thought this was an excellent decision previously and as an end-user this made me feel very confident that IPB took things seriously.... and the result was also that hacked IPB installs fell off tremendously.

We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :)

One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)

Awesome! Glad to here that this is being done :).

henke37 is auditing I believe.

We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :)

One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)

Good news :thumbsup:

Ah, you are giving me too much credit, those xss issues was from users on the site I admin. Worst that I have found was the captcha ######up.

We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code.

We have two independent auditors who have access to a private installation (SVN updated)' date=' and direct SVN access itself to audit the code.[/quote']

[b]EDIT:[/b] lol, posted with Brandon D :P