Stallyon Posted March 29, 2010 Share Posted March 29, 2010 I just wanted to ask if you will have a professional, independent security audit done on this version seeing as how there are a lot of pretty big changes? Do you usually have them done? Link to comment Share on other sites More sharing options...
Wolfie Posted March 29, 2010 Share Posted March 29, 2010 I believe IPS gets each version and subversion audited, including the point releases. I could be wrong about the point releases, but it would make sense if they do, to ensure that any bug fixes made doesn't inadvertently open up a security hole. Link to comment Share on other sites More sharing options...
WilliamB Posted March 31, 2010 Share Posted March 31, 2010 Good question about the audit. Could someone from staff answer definitively? Thanks. Link to comment Share on other sites More sharing options...
Management Charles Posted March 31, 2010 Management Share Posted March 31, 2010 We constantly audit security and yes we often hire people to do it independently. Link to comment Share on other sites More sharing options...
Wolfie Posted March 31, 2010 Share Posted March 31, 2010 We constantly audit security and yes we often hire people to do it independently. This is what makes IPB a great piece of software. IPS would rather shell out some money to have it tested and known to be a sturdy product, than to just assume that they made something secure and put other peoples sites at risk. Often times I'm sure it's money spent to get no results, but that all becomes worth the price when something is found and is able to be corrected, without a site being compromised to do it. Link to comment Share on other sites More sharing options...
Mark Posted March 31, 2010 Share Posted March 31, 2010 This is what makes IPB a great piece of software. IPS would rather shell out some money to have it tested and known to be a sturdy product, than to just assume that they made something secure and put other peoples sites at risk. Often times I'm sure it's money spent to get no results, but that all becomes worth the price when something is found and is able to be corrected, without a site being compromised to do it. Well... our own developers are very capable of writing secure code ;) The point of a third party security audit is more to consult with a security professional to recommend things we might not have thought about - they don't just come back with "Yeah, looks fine." :P We also consult with SEO professionals in the same manner. Link to comment Share on other sites More sharing options...
Wolfie Posted March 31, 2010 Share Posted March 31, 2010 Well... our own developers are very capable of writing secure code ;) The point of a third party security audit is more to consult with a security expert to recommend things we might not have thought about - they don't just come back with "Yeah, looks fine." :P Which just validates my point. A separate set of eyes, testing things out and giving feedback. Even if they were to come back with "Looks fine" several times in a row, it all pays off when they come back with, "Hey we found something." Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.