I am sure that none of us will ever be asked to join a debate team….
clubchill, there are several fallacies (sp?) in your argument; I only want to point out a few...
I understand, and these are very good points. However... the point that phpBB misses in all of this, is that you have to design your software for "other" software.
It is my understanding that phpBB is designed around a "standard" not a software product. IE, Firefox, etc. are all supposed to follow some predefined industry standards (yes, every vendor adds their own flair to the chagrin of others). Now, if Microsoft's product cannot successfully do this, they are responsible for fixing it.
Do you suppose these companies like banks, and investment firms that run web-apps for their clients will allow a bad .jpg or a bad .txt or a bad .mp3 or .swf to be served to the browser and compromise their data?
This is like comparing welding to spaceflight. The purpose and function of a bulletin board is very different from the software that a bank or investment firm would run. And even if I am incorrect in this statement, have you read the news in the past year? How many of those fine U.S. institutions have had web hacks and exploits that have compromised data?
Because phpBB is designed with an "i-dont-care" attitude, and it shows in the number of vulnerabilities in this software.
phpBB development needs to take a full "Corporate" approach in their design, and treat this software as though it were set up to guard a million dollars.
Did you know that the developers performed a major security audit that resulted in 2.0.18?
Have you even looked at http://area51.phpbb.com to see how the developers are looking into applying security to the next generation of phpBB?
Should I continue?
Please don’t make such sweeping statements.