What does the "Certified" label mean? Is it just a note to say that the mod seems to be working allright, or is it a statement on the actual security status of the mod? Do the certification officers read through the code at all, or do they just do a test install and give it a spin? What exactly is involved in the certification process?

In particular, are the Boonex certification officers qualified to screen the mods for XSS and SQL injection vulnerabilities? Do they run test attack scenarios see more from different vectors, or just give the code a general glance? (Are they all experienced developers themselves, even?) If Dolphin has just undergone a security audit and been certified as secure, certifying mods that open up new vulnerabilities seems to be quite counterproductive, for it conveys a false sense of security to users.

To illustrate, I subscribed to Drupal's security mailing list mid-November, and have since received some 50 odd reports of extension bugs and vulnerabilities, a good deal of them featuring serious security holes. I have no reason to assume Boonex indie developers would be any different or better in their mods' security levels; just something to think about before rushing ahead to plug in "certified" mods.