I hope we can automate as much of our plugin auditing process as possible, both due to lack of time to review everything manually and to create an objective standard. A couple of potential starting points:
As others have said, even with an excellent automated review process there is no way to guarantee security, only to eliminate the “low-hanging fruit” in terms of potential issues.
I’d definitely be interested in exploring automated auditing further.
Under a system like this, ClassicPress would be building a plugin directory, not a repository. For each plugin, we’d store at least the repository name (on GitHub), the git commit hash (to make sure that we’ve audited the current version of the code), and the basic info like icon, description, and website.
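As an added example (not code from this forum thread or from ClassicPress), here is one way a directory like the one described above could check that the plugin code it points users to is still the code that was audited. A commit hash cannot be recomputed from a set of files alone (it also covers author, date and message), so the example assumes the directory entry additionally records the git *tree* id of the audited checkout; that field, the `example-org/example-plugin` repository name, the all-zero commit placeholder and the sample plugin files are all constructed for the demonstration. The blob and tree id computations follow git's real object format (`git hash-object` / `git write-tree`), so they need no git binary.

```python
import hashlib
import os
import tempfile
from typing import Dict


def git_blob_id(data: bytes) -> str:
    """Object id git assigns to file contents: sha1("blob <len>\\0" + data)."""
    return hashlib.sha1(b"blob %d\0" % len(data) + data).hexdigest()


def git_tree_id(directory: str) -> str:
    """Object id git assigns to a directory (same as `git write-tree`), computed
    without git. Entries are "<mode> <name>\\0<20 raw sha bytes>", sorted by name
    with sub-directories compared as if their name ended in "/"."""
    entries = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isdir(path):
            mode, sha, sort_key = b"40000", git_tree_id(path), name + "/"
        else:
            with open(path, "rb") as fh:
                data = fh.read()
            mode = b"100755" if os.access(path, os.X_OK) else b"100644"
            sha, sort_key = git_blob_id(data), name
        entries.append((sort_key, mode + b" " + name.encode() + b"\0" + bytes.fromhex(sha)))
    entries.sort(key=lambda e: e[0])
    body = b"".join(raw for _, raw in entries)
    return hashlib.sha1(b"tree %d\0" % len(body) + body).hexdigest()


def check_directory_entry(entry: Dict[str, str], checkout: str) -> Dict[str, bool]:
    """Compare a directory entry (repo name, audited commit, audited tree id)
    against a downloaded checkout. A tree mismatch means the code differs from
    what was audited and the plugin needs re-review before being listed."""
    commit = entry["commit"]
    return {
        "commit_well_formed": len(commit) == 40 and all(c in "0123456789abcdef" for c in commit),
        "tree_matches": git_tree_id(checkout) == entry["tree"],
    }


def make_sample_plugin(root: str, tampered: bool = False) -> None:
    """Constructed sample plugin files; not a real ClassicPress plugin."""
    os.makedirs(os.path.join(root, "inc"), exist_ok=True)
    with open(os.path.join(root, "plugin.php"), "w") as fh:
        fh.write("<?php\n// Plugin Name: Example Plugin\n")
    body = "return 2;" if tampered else "return 1;"
    with open(os.path.join(root, "inc", "helper.php"), "w") as fh:
        fh.write("<?php\nfunction example_helper() { %s }\n" % body)


def demo() -> Dict[str, bool]:
    """Build a clean and a modified copy, record the clean tree id as the
    'audited' version, then check both copies against the record."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, changed = os.path.join(tmp, "clean"), os.path.join(tmp, "changed")
        make_sample_plugin(clean)
        make_sample_plugin(changed, tampered=True)
        entry = {
            "repo": "example-org/example-plugin",  # constructed repository name
            "commit": "0" * 40,                    # placeholder for the audited commit hash
            "tree": git_tree_id(clean),            # assumed extra field: tree id at audit time
        }
        return {
            "clean_is_audited_version": all(check_directory_entry(entry, clean).values()),
            "changed_is_audited_version": all(check_directory_entry(entry, changed).values()),
        }


if __name__ == "__main__":
    print(demo())  # clean copy passes, the changed copy does not
```

The `tree` field is the part that does the work: the commit hash pins which revision was audited, while the tree id lets the directory (or an installer) confirm that the bytes actually being served still match that revision, even when the files arrive as a zip rather than a git checkout.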