The Active Market Warnings needs an overhaul. It needs links to the threads showing the security issues, and if or when they were fixed.
How do we decide if an admin has fixed an exploit in a timely manner that their marketplace can be removed?
Also how many mistakes are allowed before joining the list? Havana should be at the top currently.
I mentioned this in a thread two or possibly three ago but I agree fully with the concerns of late regarding market earnings.
We are discussing it now. I am asking anyone opening these threads -- please know this is 100% your decision) if they might edit their op to as ANYONE who had ANY input about how we can more fairly and consistently establish criteria to determine if a market should be placed on a warning list - please, please post them in this thread.
As well as re-establishing protocol we are going to research the market's currently on the list. If there is anyone interested in helping to the extent of being assigned research tasks - although we have a couple security gurus on staff, they are also volunteer mods with fully time jobs and finding time to do the research necessary requires that.
We would greatly appreciate the help of anyone who feels they have the following skillset:
a comprehensive-enough understanding of software security (you could include a brief statement about your background - I certainly don't need a copy of your MS degree in CompSci with w/concentration in security, or your CV... Just enough to see what you're familiar with and capable of and any relevant history.
spare time they are able to dedicate to doing the research
although I assume anyone interested already has this one, it's a bit sad that it's worth mentioning but unfortunately not everyone has everyones best interest in mind: we need assurance that they not have a particular strong bias about the outcome of decision to remove or retain an active warning , and one definitely not possessing a conflict of interest (vend on market or be on staff, etc) It's perfectly ok to see one of the markets as being unfairly placed and wish to take the time to right a wrong, -- that's ideal. I more mean that the interesting in helping comes from a genuine sense of assuring that the list stays accurately up to date.
We are actively discussing this now. If you believe you can contribute, please message me (/u/-lobali) with a brief note and we will chat.
Again this is something I feel extremely high on our list or things requiring immediate attention and this is another one of the things the community as s whole had s vastly stronger and wider perspective that the modteam and had valuable information.
For example - The connection between the creators or SR3/SRR/Diabolis was uncovered by a subscriber who accidentally discovered identical coding and alerted us. We generally take time to gather as much proof as possible and hold off on placing warnings and feel this is the best approach as we want to prevent ever damaging a market due to crafted or engineered false evidence convincing even one of us adding a market to the sidebar. We have found historically that the time it takes to fully research rarely takes enough time for the market to cause any damage, but the genuine damage to the potentially completely innocent market starts the moment the warning goes on the sidebar.
So in short: we offer our sincere thanks to those of you pointing this out and the feedback we have gotten so far from everyone and we are actively working on fixing this. Please do post improvement ideas and constructive criticisms in these threads -we absolutely read them and take the feedback and suggestions into consideration. And please A if you feel you have relevant skills and time that you're willing to donate to us to help follow up on the current market warning are deserved, please PM me - again, due to recent slight change in my username, use the link in the list of mods or this: /u/-lobali
Thanks everyone who has contributed so far and I am sure this is something that if we put real time and effort into establishing s solid protocol, it will be something the in the long run strengthens this community and adds a tremendous value of being known as a reliable source to refer to regarding the safety issues or markets. No market is perfect and we obviously can't slap s warning in every minor flaw, or they'd all have have one. We are aiming to establish what warrants one, and this is something the community out to have s lot of input in.