The PHP Security Blog has posted a new item today with their take on the latest release of phpBB, one of the most widely used message board systems - and the trouble it might cause.
On the 19th of July phpBB 2.0.17 was released, which was just another security release. At the same time their development team proudly announced that they had started an audit of the complete source base together with a number of so-called top-notch security people.
They never wanted to elaborate on the names of these people, and therefore many people just believed that the audit did not exist at all and was only announced to stop hosters banning phpBB. Quite similar to the sudden appearance of a certain inactive consortium after the Santy worm had been unleashed.
He goes on to comment on the lack of response from the phpBB team to submitted bugs, including some XSS issues and an SQL-related remote code execution issue.
It's pretty widely known that the team for this project has been a bit slow to react in the past - one can only hope that this audit can make amends for some of that...