Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
Congratulations Timo and all.
Michael
-----Original Message----- From: dovecot [mailto:dovecot-bounces@dovecot.org] On Behalf Of Timo Sirainen Sent: Friday, January 13, 2017 9:17 AM To: Dovecot Mailing List <dovecot@dovecot.org> Subject: Dovecot source code audit
Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
Great news! I read the report, and it was enlightening as well.
Congrats, Timo & Dovecot folks!
On Fri, Jan 13, 2017 at 2:05 PM, Michael Fox <news@mefox.org> wrote:
Congratulations Timo and all.
Michael
-----Original Message----- From: dovecot [mailto:dovecot-bounces@dovecot.org] On Behalf Of Timo Sirainen Sent: Friday, January 13, 2017 9:17 AM To: Dovecot Mailing List <dovecot@dovecot.org> Subject: Dovecot source code audit
Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx@gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
On 2017.01.13. 19:17, Timo Sirainen wrote:
Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
Congratulations and thank you for good work!
-- KSB
Congradulations. (Reminds me that is time I got started on the AIX xlc port...)
On 13-Jan-17 18:17, Timo Sirainen wrote:
Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 13 Jan 2017, Timo Sirainen wrote:
Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
Congratulations.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWHx7z3z1H7kL/d9rAQIunAf+PTs0C03TD5Fa9R82DdZt370eluds0qTL M2N32QkDrmaTi6VkWg9I8v9YoV2jjg7zSy6lSskfqY8Pu2woKL9CplQaGTwwy7ki bs1uyjI2ZStBwgUkrhtFO/Tbxm6IqmMRm9NNfBmXnnwd8qFtYDlFPKxY9ah2A/bB qROhXftt+qM1l0LD1kv846AehZNJkMrrBmbkgWm83IndwpbiJ1BWd4nIv7cELSlA D5bKlD9y/qUIxUn0A2x4jrUwnfb+Tp99e3kuYcTlj3Tfh8k9e1+3BrPNjGEWL6pd s/fMXgddkqkXxzjqsl42QRrhs9EmblkUhrao55OFkSr0T+xttOwZ9g== =0/Te -----END PGP SIGNATURE-----
Congratulations.
On 13 January 2017 at 22:47, Timo Sirainen <tss@iki.fi> wrote:
Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/ Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
-- Sincerely, Prakash P. Autade.
On 13 January 2017 at 20:17, Timo Sirainen <tss@iki.fi> wrote:
Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/ Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
Congratulations!
".. used in 68% of IMAP server deployments worldwide." - congratulations to that too!
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
Congratulations.
On Fri, Jan 13, 2017 at 6:17 PM, Timo Sirainen <'tss@iki.fi'> wrote: Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
"used in 68% of IMAP server deployments worldwide"...
... this means that hackers have a new target to prove themselves, and to prove Cure53 is less than we think they are. We ought to brace for the storm ahead.
On Fri, Jan 13, 2017 at 6:17 PM, Timo Sirainen <'tss@iki.fi'> wrote: Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
participants (9)
-
KSB
-
Larry Rosenman
-
Michael Felt
-
Michael Fox
-
Odhiambo Washington
-
Prakash Autade
-
Ruga
-
Steffen Kaiser
-
Timo Sirainen