#194
05-22-2006, 05:42 PM
FASherman
Join Date: Aug 2002
Posts: 289
Thanked: 0 times
Thanked 0 times in 0 posts

You've completely missed the point. Let me try to restate it.

Code with backdoors was uploaded to this site and downloaded by users of this site.

The code found thus far is relatively harmless, but it was only found because it interacted with this site AND it took several months to be noticed.

This does not mean that all backdoors have been found. Nor does it mean that all as-yet-unfound backdoors are harmless.

Someone said there is a procedure in place for security risks. I disagree. There may be procedures for reacting to vulnerabilities once known, but nothing of a proactive nature to expose potential vulnerabilities before they happen.

And let's stop referring to Jelsoft. If the VB.Org staff is to be believed, and I think they are entitled to that, then VB.Org is NOT Jelsoft. This is a unique and separate entity.

So, my two cents on a solution...

1. Hacks not supported by the author should not even be here. That's the biggest risk right there.

2. Hacks/Mods/plugins/products - anything with PHP code - should only be allowed to be posted by individuals in a particular group, coder group for example.

3. There should be a verification process for allowing an individual into the coder group, some identifying credentials that translate a computer username into a real person with a verified location in the real world.

4. Coder titles should not be based on post counts. If I release a poor product, I could easily ratchet up my post count supporting that dog. Coder titles should be a formula taking into account longevity, post count, threads started in the release areas, combined install bases, number of nominations for HOTM and number of times won, all properly weighted so that no one variable matters significantly. It is the overall body of work that matters.

5. HOTM should be based on something other than raw install numbers. You need a more meaningful criterion than that, plus then there is no need for install numbers to generate this type of an issue. The folks on the coding team should be able to make nominations based on merit if they're good enough developers in their own right. And what's wrong with 10 nominees? Let each coding team member nominate 2 hacks and give us a narrative as to why.

6. Again for the coding team. Any hack/file/plugin/product should be subject to random audits and the results made known. Maybe not specifically, but perhaps award the code a "VB.Org" certified label. Also something for the programmer themselves, showing that their code meets VB.Org standards.

7. Finally, when you do find something amiss, IMMEDIATELY email all users who have installed the product/plugin/code and tell us to suspend its operation immediately. Your loyalty in that situation is to us, the install base of the code, and not to the coder.

8. I lied. THIS is the final thought. Charge for listing commercial software if you so desire, but give a discount for any developer that offers a useful "lite" version here. You should definitely differentiate between those that see VB.Org as a target market and those that support the site with lite versions.

Flame away, boys and girls. I'm a big boy. I can take it.