Jump to content

IPB 3.x Third Party Security Audit


Guest Speed Racer

Recommended Posts

Posted

When IPB 2.x was released there were lots of security flaws exploited on boards. As a result IPB had a major push to close any and all "holes" including a third-party security audit of the code base.

With IPB 3.x the code base is in many ways "all new" so there may certainly be the potential for the same thing to happen again (security holes that developers did not catch). My question is if there will be a third party audit to help close them? I thought this was an excellent decision previously and as an end-user this made me feel very confident that IPB took things seriously.... and the result was also that hacked IPB installs fell off tremendously.

Posted

We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :)

One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)

Posted

We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :)



One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :)


Good news :thumbsup:
Posted

We have two independent auditors who have access to a private installation (SVN updated)' date=' and direct SVN access itself to audit the code.[/quote']



[b]EDIT:[/b] lol, posted with Brandon D :P

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...