Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems: ? 3 Low The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
Congratulations Timo and all. Michael> -----Original Message----- > From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Timo > Sirainen > Sent: Friday, January 13, 2017 9:17 AM > To: Dovecot Mailing List <dovecot at dovecot.org> > Subject: Dovecot source code audit > > Mozilla sponsored source code audit for Dovecot. So thanks to them we have > our first public code audit: > https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server > deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 Low > > The Cure53 team were extremely impressed with the quality of the dovecot > code. They wrote: "Despite much effort and thoroughly all-encompassing > approach, the Cure53 testers only managed to assert the excellent > security-standing of Dovecot. More specifically, only three minor security > issues have been found in the codebase, thus translating to an > exceptionally good outcome for Dovecot, and a true testament to the fact > that keeping security promises is at the core of the Dovecot development > and operations."
On 2017.01.13. 19:17, Timo Sirainen wrote:> Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 Low > > The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations." >Congratulations and thank you for good work! -- KSB
Great news! I read the report, and it was enlightening as well. Congrats, Timo & Dovecot folks! On Fri, Jan 13, 2017 at 2:05 PM, Michael Fox <news at mefox.org> wrote:> Congratulations Timo and all. > > Michael > > > > -----Original Message----- > > From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Timo > > Sirainen > > Sent: Friday, January 13, 2017 9:17 AM > > To: Dovecot Mailing List <dovecot at dovecot.org> > > Subject: Dovecot source code audit > > > > Mozilla sponsored source code audit for Dovecot. So thanks to them we > have > > our first public code audit: > > https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot > > > > Dates: October 2016 - January 2017 > > > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server > > deployments worldwide. The audit was performed by Cure53. > > > > The team found the following problems: > > > > ? 3 Low > > > > The Cure53 team were extremely impressed with the quality of the dovecot > > code. They wrote: "Despite much effort and thoroughly all-encompassing > > approach, the Cure53 testers only managed to assert the excellent > > security-standing of Dovecot. More specifically, only three minor > security > > issues have been found in the codebase, thus translating to an > > exceptionally good outcome for Dovecot, and a true testament to the fact > > that keeping security promises is at the core of the Dovecot development > > and operations." >-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281
Congradulations. (Reminds me that is time I got started on the AIX xlc port...) On 13-Jan-17 18:17, Timo Sirainen wrote:> Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 Low > > The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations." >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 13 Jan 2017, Timo Sirainen wrote:> Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 LowCongratulations. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBWHx7z3z1H7kL/d9rAQIunAf+PTs0C03TD5Fa9R82DdZt370eluds0qTL M2N32QkDrmaTi6VkWg9I8v9YoV2jjg7zSy6lSskfqY8Pu2woKL9CplQaGTwwy7ki bs1uyjI2ZStBwgUkrhtFO/Tbxm6IqmMRm9NNfBmXnnwd8qFtYDlFPKxY9ah2A/bB qROhXftt+qM1l0LD1kv846AehZNJkMrrBmbkgWm83IndwpbiJ1BWd4nIv7cELSlA D5bKlD9y/qUIxUn0A2x4jrUwnfb+Tp99e3kuYcTlj3Tfh8k9e1+3BrPNjGEWL6pd s/fMXgddkqkXxzjqsl42QRrhs9EmblkUhrao55OFkSr0T+xttOwZ9g==0/Te -----END PGP SIGNATURE-----
Congratulations. On 13 January 2017 at 22:47, Timo Sirainen <tss at iki.fi> wrote:> Mozilla sponsored source code audit for Dovecot. So thanks to them we have > our first public code audit: https://wiki.mozilla.org/MOSS/ > Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server > deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 Low > > The Cure53 team were extremely impressed with the quality of the dovecot > code. They wrote: "Despite much effort and thoroughly all-encompassing > approach, the Cure53 testers only managed to assert the excellent > security-standing of Dovecot. More specifically, only three minor security > issues have been found in the codebase, thus translating to an > exceptionally good outcome for Dovecot, and a true testament to the fact > that keeping security promises is at the core of the Dovecot development > and operations." >-- Sincerely, Prakash P. Autade.
On 13 January 2017 at 20:17, Timo Sirainen <tss at iki.fi> wrote:> Mozilla sponsored source code audit for Dovecot. So thanks to them we have > our first public code audit: https://wiki.mozilla.org/MOSS/ > Secure_Open_Source/Completed#dovecot > > Dates: October 2016 - January 2017 > > dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server > deployments worldwide. The audit was performed by Cure53. > > The team found the following problems: > > ? 3 Low > > The Cure53 team were extremely impressed with the quality of the dovecot > code. They wrote: "Despite much effort and thoroughly all-encompassing > approach, the Cure53 testers only managed to assert the excellent > security-standing of Dovecot. More specifically, only three minor security > issues have been found in the codebase, thus translating to an > exceptionally good outcome for Dovecot, and a true testament to the fact > that keeping security promises is at the core of the Dovecot development > and operations." >Congratulations! ".. used in 68% of IMAP server deployments worldwide." - congratulations to that too! -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
Congratulations. On Fri, Jan 13, 2017 at 6:17 PM, Timo Sirainen <'tss at iki.fi'> wrote: Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems: ? 3 Low The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."
"used in 68% of IMAP server deployments worldwide"... ... this means that hackers have a new target to prove themselves, and to prove Cure53 is less than we think they are. We ought to brace for the storm ahead. On Fri, Jan 13, 2017 at 6:17 PM, Timo Sirainen <'tss at iki.fi'> wrote: Mozilla sponsored source code audit for Dovecot. So thanks to them we have our first public code audit: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot Dates: October 2016 - January 2017 dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53. The team found the following problems: ? 3 Low The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: "Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations."