amuck-landowner

KwiBill

KwiceroLTD

New Member
Verified Provider

Aldryic C'boas

The Pony
What level of liability are you accepting responsibility for should a database full of client contact information end up leaked due to exploit/compromise related directly to the software?
 

MannDude

Just a dude
vpsBoard Founder
Moderator
What level of liability are you accepting responsibility for should a database full of client contact information end up leaked due to exploit/compromise related directly to the software?
What level of liability does WHMCS or ClientExec accept when that happens? Or any other software?

I'd imagine he'd probably just patch the issue, and release a statement, and ideally done as quickly as humanly possible to minimize damage.
 

KwiceroLTD

New Member
Verified Provider
What level of liability are you accepting responsibility for should a database full of client contact information end up leaked due to exploit/compromise related directly to the software?
I offer no warranty on the software, once you buy it if you modify the core code, I accept no liabilities. I will if/once a bug is located, write a patch, test it to ensure it's working, release the patch, post a public announcement to notify every customer to download the patch to prevent compromising of their systems.

I don't suspect SQL injection will be an issue, am using PDO with prepared statements, making sure nothing goes direct into the SQL query. I've put in security for other things like XSS,CSRF,etc. So I don't suspect the core software will be responsible for any exploit/compromise.
 
Last edited by a moderator:

trewq

Active Member
Verified Provider
I don't suspect SQL injection will be an issue, am using PDO with prepared statements, making sure nothing goes direct into the SQL query. I've put in security for other things like XSS,CSRF,etc. So I don't suspect the core software will be responsible for any exploit/compromise.
Security is always an issue. There is always someone smarter than you.


Have you had your code audited?
 

KwiceroLTD

New Member
Verified Provider
Security is always an issue. There is always someone smarter than you.


Have you had your code audited?
Yes, I have had the code audited by two individuals, if you have someone in mind, I'm willing to have the code audited once more.
 

DomainBop

Dormant VPSB Pathogen
@jarland just to let you know mate he hasn't removed you from the directors yet: https://companycheck.co.uk/company/09475165/KWICERO-LTD/directors-secretaries

^^ I'd get that taken care of quickly because the company's annual return is due in less than 2 months (April 3rd) and if the CEO has disappeared and doesn't file in time then the other directors are liable (UK can impose fines up to  £5,000 and Companies House sends directors nasty letters warning of prosecution for late filing/non-filing)
 
Last edited by a moderator:

jarland

The ocean is digital
^^ I'd get that taken care of quickly because the company's annual return is due in less than 2 months (April 3rd) and if the CEO has disappeared and doesn't file in time then the other directors are liable (UK can impose fines up to  £5,000 and Companies House sends directors nasty letters warning of prosecution for late filing/non-filing)

I wish I had an ounce of an idea how to actually go about it :(
 
Last edited by a moderator:

DomainBop

Dormant VPSB Pathogen
Last edited by a moderator:
Top
amuck-landowner