Seems they are making some progress: http://blog.whmcs.com/?t=80970
Over the last few months, WHMCS has released an unusually high number of security related updates - more than we would have liked or than you would have expected.
We understand the inconvenience that these cause, and their severity.
We have tasked several staff members with doing an internal code audit which is now well underway, and they have already identified a number of items which were addressed in the last release. We plan to continue our internal audit and release further updates as required.
We will also be commissioning at least one additional external security audit, and introducing a Security Bounty Program. External security audits are not something that are new to us, however as a security audit alone is not a guaranteed solution, we will be increasing the frequency of both internal and independent external security audits being performed.
As mentioned above, we will also be launching a Security Bounty Program designed to reward those who find issues in our software and report them to us in a responsible and safe manner. In order to encourage this we will be offering free development licenses to security researchers and monetary rewards of up to $5000 per issue. Further details will be released about this in the near future.
These steps are just the start of our overall plans to proactively address your concerns. As we move forward additional announcements will be made.
We appreciate the trust that you put in us, and we intend to make sure that trust is not misplaced.
Last edited by a moderator: