September 24th, 2006
To: cPanel, Inc.
Re: Formal request for codebase audit
In regards to the security incident and advisory of the weekend of the 23rd of September, 2006 titled CPANEL-2006:01-01 -- this is a formal request on behalf of our organization, and the organizations listed below, requesting cPanel engage security consultants for a full security audit of the cPanel/WHM codebase.
The evidence of a local privilege escalation compromise, the large scale issues experienced by the Hostgator group, and the closed source nature of your management platform are the underlying reasons for a formal audit request. At this point in time we require assurance from a third party entity that your codebase provides a secure operating environment for our users.
We would request that any audit include fixes to all discovered security issues, and full disclosure be provided to cPanel partners and distributors once appropriate time has been provided for these updates to be pushed to your customer base.
Please provide notification that this request has been acknowledged, as well as a timeline for these audits to take place.
We also wish to emphasize that we are making this request as loyal customers who want to see your product succeed, as it is in the best interest of everyone that your product be as secure as possible.
Clear-Data Internet Services
d/b/a Myriad Network