Re: we need to integrate new password algorithm ASAP
Subject: Re: we need to integrate new password algorithm ASAP by Zaphod on 2008/3/12 1:38:05
Quote:
I still think there is a need to have a review process where new modules/versions are examined against a list of the most common vulnerabilities. Modules/versions that 'pass' the evaluation could be marked with a 'security audited' logo or something like that (also, we could publish a page on exactly what this means - i.e. what the audit covers). Apart from reducing the number of incidents it will help module authors learn and avoid future problems. I'd be happy to help out with this later on. Just sitting down to audit security of my first module now. Would it be worth trying to put together a list of stuff to check or did someone do that already somewhere?