Security is being brought up quite often, which is quite possibly painting the currently available add-ons in a bad light, perhaps unnecessarily.
We have a documented process in place for the reporting of vulnerabilities, you can see it here:
https://xenforo.com/community/help/resource-vulnerabilities/
I can count on one hand the number of times I have witnessed this procedure be called upon, either through seeing a resource update state it is a security release or through Mike or I getting involved in such a report.
What this means, quite simply, is that either:
- In spite of a lack of code review, very few vulnerable add-ons actually exist or
- They exist and that isn't being reported in the appropriate way
Security issues are certainly not the only issues that exist, but by far they are the most impactful and this is an area that should be focused upon more than any. In lieu of any new process, I just want to please urge people to follow the above guidelines if issues are noticed and not keep them quiet, encourage them to be reported responsibly, and as per the guidelines please contact us if the issues go unresolved.
As for everything else that has been discussed, I just wanted to make sure that people know that we're watching the feedback in this thread very closely, and although we don't have any direct answers right now, I'm certain this will be a point of consideration and discussion in the future. I think the previous several pages have demonstrated that it is a complex issue with no clear solution, so bear with us.