<blockquote> What do you mean by "support"?
</blockquote>
I don't know myself yet, because we haven't started yet to dig into the code. The first phase will be to identify a list of possible types of vulnerabilities, such as:
- "$" instead of ":" variables in SQL
- incomplete ad_page_contracts
- Admin pages without a check that the user is admin or P/O pages without apropriate permissions
- pages where commands are passed as a variable(?!)
- ...
I know the ACS 3.4 code pretty well, but I'm lacking in-depth knowledge of many 5.x areas, so we would need here there to think of vulnerability types.
<blockquote> we always keep a stable and a development branch.
</blockquote>
The costs for a certification are some €10.000. That's definitely too much for any stable branch, so the lifetime of the certified branch should be a year or even several years. Is that possible? What consequences would that have?
Bests,
Frank