Invested in what? The open code base is intentional. I think you have a misunderstanding of what encoding is and how it relates to security.

You said Encoding ensures that those willing to spend the time to decode it will look at the source and find vulnerabilities.?

Encoding software ensures that only those who are willing to spend the time to decode it will look for vulnerabilities. These are the kinds of people you don't want decoding it and looking for vulnerabilities. When the code is well-written, as Blesta is, and a large community has access to the source, it makes it more likely that any vulnerabilities found will be reported to us in a responsible way. Malicious actors are going to look at the code either way, by encoding, you just ensure good actors don't look at the code.

In plain english, people who want to look at the source will spend time decrypting it and if they find exploits either report it or leak it. Blesta's code has been looked over by 3 sets of eyes and only 1 found some small XSS issues. If that wasn't open they couldn't do it and again why do you use Wordpress which is open-source and riddled with security issues?

You say 3 sets of eyes so how come not proofing this? in my other reply's. Wordpress is not taking money and saving peoples credit/bank cards information and personal information. It's not full of riddled with security issues. 85% of the internet is powered by Wordpress.

I would even go as far as to say that WHMCS being encoded makes it less secure. But, it lets them hide things like data collection (they collect client counts, and ?? only the black hats know, as they've undoubtedly already decoded it).

I'm not on about data collection I don't have issue with that what I have issue is all your code is open. And being open anyone can edit that code and do whatever there what and place bad code and then gain access to the Admin Area or even the server. That is why i request if Encrypting the files can be done. There is software out there what can replace Public viewing files without not even know the password to the server or FTP.

The code being open does not mean anyone can edit it. If anyone has permissions to edit the files on your server, it doesn't matter if they are encoded or not. I think you're confusing server hardening/security with application security. Nobody has permissions to modify Blesta files unless you give it to them.

I am not getting confusing by hardening/security. Is there way to have the code Obfuscation? or by using IonCube or Zend Guard.?

Yes, you can ioncube encode the files yourself if you want to do that. We aren't going to do that to the distribution though, there's no purpose and the vast majority of people are glad that Blesta is so open.

I am glad Paul you have the code open and Blesta is so open I couldn't make the very nice addons and stuff I have made for blesta if I couldn't read the code for myself to understand how to interface with the system.

Michael. This is web hosting forum talking about WHMCS vs Blesta. This is not three experts that you claim to have gone over the code?

Click the bloody links and read the posts for god sake.

I have Michael. But this is Web hosting forum so no proof that the code has been looked at by 3 people. Web hosting forum is not security specialist.

So Vlad and Patrick are lying... what do they benefit from it? They are trusted in this community and if it wasn't for them cPanel would be exploitable and the software you use now: https://blog.rack911.com I won't bother replying now suffer if you wish or move to a securer system proven by two well known trusted security experts. And if you google localhost.re you'll see the other guy. Can't argue with someone who doesn't want to be helped.