Dovecot source code audit
Odhiambo Washington
odhiambo at gmail.com
Mon Jan 16 17:27:37 UTC 2017
On 13 January 2017 at 20:17, Timo Sirainen <tss at iki.fi> wrote:
> Mozilla sponsored source code audit for Dovecot. So thanks to them we have
> our first public code audit: https://wiki.mozilla.org/MOSS/
> Secure_Open_Source/Completed#dovecot
>
> Dates: October 2016 - January 2017
>
> dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server
> deployments worldwide. The audit was performed by Cure53.
>
> The team found the following problems:
>
> • 3 Low
>
> The Cure53 team were extremely impressed with the quality of the dovecot
> code. They wrote: "Despite much effort and thoroughly all-encompassing
> approach, the Cure53 testers only managed to assert the excellent
> security-standing of Dovecot. More specifically, only three minor security
> issues have been found in the codebase, thus translating to an
> exceptionally good outcome for Dovecot, and a true testament to the fact
> that keeping security promises is at the core of the Dovecot development
> and operations."
>
Congratulations!
".. used in 68% of IMAP server deployments worldwide." - congratulations to
that too!
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
More information about the dovecot
mailing list