The Billing Boss team takes security seriously, and we've always put it first. Our app has used SSL by default since the first beta in March 2008, because we know it matters.
Today we were advised via Twitter by Manoj Ranaweera that he was using Billing Boss without SSL. That was a surprise, and we didn't think it was possible. It turned out that last Wednesday, when we unified the Sage Spark and Billing Boss sign-up processes, we introduced a problem where some registrants would not get an SSL connection the first time they used the app. Although this is unlikely to have resulted in anyone's data being compromised, it was very important to address it immediately, and we did.
When investigating, we found that machines with locales set to any English locale other than en_US (like en_UK or en_CA) would show this problem, but any other language and locale was fine (French was fine, Spanish was fine, Hindi was fine, etc.). This is particularly galling to us Canadians, since we had our test machines set to en_US. We have fixed the problem, and updated our testing procedures to include a mixture of various English language locales and other locales, so we know this particular problem won't happen again.
Although we go to great lengths and expense to ensure security through training, procedures, testing, inspections and audits (both internally and externally), we're aware that nothing is ever perfect. But we appreciate your help in improving Billing Boss. We appreciate all feedback on Billing Boss: praise is great, but criticism is always constructive.