Dovecot source code audit
Michael Felt
michael at felt.demon.nl
Fri Jan 13 23:25:21 UTC 2017
Congradulations. (Reminds me that is time I got started on the AIX xlc
port...)
On 13-Jan-17 18:17, Timo Sirainen wrote:
> Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
>
> Dates: October 2016 - January 2017
>
> dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
>
> The team found the following problems:
>
> • 3 Low
>
> The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
>
More information about the dovecot
mailing list