Dovecot source code audit

Michael Fox news at mefox.org
Fri Jan 13 20:05:47 UTC 2017


Congratulations Timo and all.

Michael


> -----Original Message-----
> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Timo
> Sirainen
> Sent: Friday, January 13, 2017 9:17 AM
> To: Dovecot Mailing List <dovecot at dovecot.org>
> Subject: Dovecot source code audit
> 
> Mozilla sponsored source code audit for Dovecot. So thanks to them we have
> our first public code audit:
> https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
> 
> Dates: October 2016 - January 2017
> 
> dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server
> deployments worldwide. The audit was performed by Cure53.
> 
> The team found the following problems:
> 
> 	• 3 Low
> 
> The Cure53 team were extremely impressed with the quality of the dovecot
> code. They wrote: "Despite much effort and thoroughly all-encompassing
> approach, the Cure53 testers only managed to assert the excellent
> security-standing of Dovecot. More specifically, only three minor security
> issues have been found in the codebase, thus translating to an
> exceptionally good outcome for Dovecot, and a true testament to the fact
> that keeping security promises is at the core of the Dovecot development
> and operations."



More information about the dovecot mailing list