Dovecot source code audit

Larry Rosenman larryrtx at gmail.com
Fri Jan 13 20:23:54 UTC 2017


Great news!  I read the report, and it was enlightening as well.

Congrats, Timo & Dovecot folks!

On Fri, Jan 13, 2017 at 2:05 PM, Michael Fox <news at mefox.org> wrote:

> Congratulations Timo and all.
>
> Michael
>
>
> > -----Original Message-----
> > From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Timo
> > Sirainen
> > Sent: Friday, January 13, 2017 9:17 AM
> > To: Dovecot Mailing List <dovecot at dovecot.org>
> > Subject: Dovecot source code audit
> >
> > Mozilla sponsored source code audit for Dovecot. So thanks to them we
> have
> > our first public code audit:
> > https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
> >
> > Dates: October 2016 - January 2017
> >
> > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server
> > deployments worldwide. The audit was performed by Cure53.
> >
> > The team found the following problems:
> >
> >       • 3 Low
> >
> > The Cure53 team were extremely impressed with the quality of the dovecot
> > code. They wrote: "Despite much effort and thoroughly all-encompassing
> > approach, the Cure53 testers only managed to assert the excellent
> > security-standing of Dovecot. More specifically, only three minor
> security
> > issues have been found in the codebase, thus translating to an
> > exceptionally good outcome for Dovecot, and a true testament to the fact
> > that keeping security promises is at the core of the Dovecot development
> > and operations."
>



-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c)     E-Mail: larryrtx at gmail.com
US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281


More information about the dovecot mailing list