One of our clients built an app upon a platform called Qbix and hired us to do a pre-launch code audit of their app as well as Qbix's platform.
We have reviewed a lot of software projects since our last public report. Out of all of them, Qbix Platform seemed to have the fewest vulnerabilities, which stands as a testament to the developers' dedication to application security best practices. It became almost a game for us to find holes in the security of this 400,000-line codebase. In the end, we found 2 low-severity vulnerabilities and 2 medium-severity vulnerabilities.
Although we provided a recommended patch for each of the issues we identified, Qbix, Inc. reworked the patches so that they do not rely on Composer before merging them.