Topic: Punbb v1.3 security audit?
After a visit to phpbb.com today, I noticed that in their latest release - phpBB 3.0 RC7 - they included a whole bunch of fixes recommended by a security auditor who gave the previous RC6 a once-over:
This release is mostly the outcome of an external security audit performed by SektionEins. All items tagged as [Sec] were found by the company doing the audit and revealed some fundamental problems we were able to fix. We are proud that the audit revealed no SQL injection vulnerability or critical command execution vulnerabilities.
Once the punBB v1.3 code base gets more stable, it may be worthwhile for punBB to do the same.
I get the impression that the auditors the phpBB group used - SektionEins, the developers of the hardened-php project - do a range of work probably gratis for many open-source projects: http://www.sektioneins.de/content/en.26 … tent2.html
Since they are already punBB users - see http://forum.hardened-php.net - I suspect they may be quite inclined to help out if requested to audit PunBB v1.3.