Have you considered that…
-
Sangoma continues to provide this very active forum while employing lots of people involved in the FreePBX project, as well as the underlying Asterisk framework and forums ?
-
Sangoma is currently seriously addressing security issue reporting in more depth ?
-
If you lock down the FreePBX “web” interface from anything but localhost and instead SSH in and tunnel some ports to get to said interface; or opt for more basic module selections without bringing in the kitchen sink; then you can avoid every single one of the problems highlighted in this thread thus far ?
-
Sending a few emails (to anonymous group/catch-all addresses?) and a few tweets (to marketing staff?) begs for more effort on the part of an extremely-intelligent and savvy security researcher especially for the open source portions of the problems ?
-
This guy might know wazzup and perhaps is the best person to answer the petition for redress of grievances ?