Speed Racer Posted January 19, 2009 Share Posted January 19, 2009 When IPB 2.x was released there were lots of security flaws exploited on boards. As a result IPB had a major push to close any and all "holes" including a third-party security audit of the code base. With IPB 3.x the code base is in many ways "all new" so there may certainly be the potential for the same thing to happen again (security holes that developers did not catch). My question is if there will be a third party audit to help close them? I thought this was an excellent decision previously and as an end-user this made me feel very confident that IPB took things seriously.... and the result was also that hacked IPB installs fell off tremendously. Link to comment Share on other sites More sharing options...
bfarber Posted January 19, 2009 Share Posted January 19, 2009 We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :) One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :) Link to comment Share on other sites More sharing options...
Speed Racer Posted January 20, 2009 Share Posted January 20, 2009 Awesome! Glad to here that this is being done :). Link to comment Share on other sites More sharing options...
Brett B Posted January 20, 2009 Share Posted January 20, 2009 henke37 is auditing I believe. Link to comment Share on other sites More sharing options...
Axel Wers Posted January 20, 2009 Share Posted January 20, 2009 We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. They've found a couple of minor things, but nothing major yet (*crosses fingers*). :) One of the auditors is a previous auditor we've used, and the other is the party who found the XSS exploits from 2.3.4, so we're very confident in their capabilities. :) Good news :thumbsup: Link to comment Share on other sites More sharing options...
henke37 Posted January 21, 2009 Share Posted January 21, 2009 Ah, you are giving me too much credit, those xss issues was from users on the site I admin. Worst that I have found was the captcha ######up. Link to comment Share on other sites More sharing options...
FrostedPopTart Posted January 21, 2009 Share Posted January 21, 2009 Link to comment Share on other sites More sharing options...
Brandon D Posted January 21, 2009 Share Posted January 21, 2009 We have two independent auditors who have access to a private installation (SVN updated), and direct SVN access itself to audit the code. Link to comment Share on other sites More sharing options...
teraßyte Posted January 21, 2009 Share Posted January 21, 2009 We have two independent auditors who have access to a private installation (SVN updated)' date=' and direct SVN access itself to audit the code.[/quote'] [b]EDIT:[/b] lol, posted with Brandon D :P Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.