Jump to content

Response to Recent Security Events

Recommended Posts


Response to Recent Security Events


Over the last few months, WHMCS has released an unusually high number of security related updates - more than we would have liked or than you would have expected.


We understand the inconvenience that these cause, and their severity.


We have tasked several staff members with doing an internal code audit which is now well underway, and they have already identified a number of items which were addressed in the last release. We plan to continue our internal audit and release further updates as required.


We will also be commissioning at least one additional external security audit, and introducing a Security Bounty Program. External security audits are not something that are new to us, however as a security audit alone is not a guaranteed solution, we will be increasing the frequency of both internal and independent external security audits being performed.


As mentioned above, we will also be launching a Security Bounty Program designed to reward those who find issues in our software and report them to us in a responsible and safe manner. In order to encourage this we will be offering free development licenses to security researchers and monetary rewards of up to $5000 per issue. Further details will be released about this in the near future.


These steps are just the start of our overall plans to proactively address your concerns. As we move forward additional announcements will be made.


We appreciate the trust that you put in us, and we intend to make sure that trust is not misplaced.



Matt Pugh


Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated