MOSS/Secure Open Source/Completed: Difference between revisions

← Older edit

MOSS/Secure Open Source/Completed (view source)

Revision as of 15:27, 17 August 2020

3,542 bytes added , 17 August 2020

date update

Ejjemba

23

edits

@@ Line 1: / Line 1: @@
 Secure Open Source has completed the following audits.
+==2019==
+===tcpdump & libpcap===
+Dates: 2019
+[https://www.tcpdump.org/ tcpdump & libpcap] are a powerful command-line packet analyzer and a portable C/C++ library for network traffic capture, respectively. The audit was performed by [http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html Michael Richardson].
+The team found the following problems:
+* 8 Verified Fixes
+The documents are as follows:
+* [https://blog.mozilla.org/netpolicy/files/2020/07/Tcpdump-Libpcap-IncludeSec-Code-Review-v1.pdf Audit report]
+* [https://blog.mozilla.org/netpolicy/files/2020/07/libpcap_tcpdump-change_fix-log.pdf Fix and validation log]
+===libssh===
+Dates: 2019
+[https://www.libssh.org/ libshh] is a multiplatform C library implementing the SSHv2 protocol on client and server side. The audit was performed by [https://cure53.de/ Cure53].
+The team found the following problems:
+* 1 Critical
+* 1 Medium
+* 7 Low
+* 3 Informational
+The documents are as follows:
+* [https://blog.mozilla.org/netpolicy/files/2020/07/pentest-report_libssh.pdf Audit report]
+* [https://blog.mozilla.org/netpolicy/files/2020/07/SSH-01-Fix-Verification.pdf Fix and validation log]
 ==2018==
+===graphite===
+Dates: August 2018
+[https://scripts.sil.org/cms/scripts/page.php?site_id=projects&item_id=graphite_home graphite] is "a "smart font" system developed specifically to handle the complexities of lesser-known languages of the world. The audit was performed by [https://radicallyopensecurity.com/ Radically Open Security].
+The team found the following problems:
+* 1 Elevated
+* 9 Moderate
+* 11 Low
+The documents are as follows:
+* [https://wiki.mozilla.org/images/9/98/Graphite-report.pdf Audit report]
+* [https://docs.google.com/document/d/1LOkCQtkF0dDch56kzl5rqNM4layoTUVjaljSOFWMS5U/edit#heading=h.2li2rmo2r9oa Fix and validation log]
+===Thunderbird and Enigmail===
+Dates: January 2018
+[https://www.thunderbird.net/en-US/ Thunderbird] and [https://www.enigmail.net/index.php/en/ Enigmail] work together to provide a free, simple interface for OpenPGP email security. The audit was performed by [https://cure53.de/ Cure53].
+The team found the following problems:
+* 3 Critical
+* 3 High
+* 3 Medium
+The documents are as follows:
+* [https://wiki.mozilla.org/images/0/0b/Thunderbird-enigmail-report.pdf Audit report]
+* [https://docs.google.com/document/d/1rZvwX-GOt9iis__CkCLtSWlz0359d_TN_vs8qp9m5ps/edit?ts=5b576f00#heading=h.2li2rmo2r9oa Fix and validation log]
+===SimpleSAMLphp===
+Dates: January 2018
+[http://simplesamlphp.org/ SimpleSAMLphp] is an application written in native PHP that deals with authentication. The audit was performed by [https://cure53.de/ Cure53].
+The team found the following problems:
+* 1 Critical
+* 3 Medium
+* 1 Informational
+The documents are as follows:
+* [https://wiki.mozilla.org/images/3/34/SimpleSAML_audit_report_1.pdf Audit report]
+* [https://wiki.mozilla.org/images/f/fb/SimpleSAMLphp_SOS_Fund_Audit_Fix_Log.pdf Fix and validation log]
+===oauth2-server===
+Dates: September 2017 - February 2018
+[https://github.com/thephpleague/oauth2-server oauth2-server] is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP. The audit was performed by [https://leastauthority.com/ Least Authority].
+The team found the following problems:
+* 1 High
+* 3 Medium
+* 1 Low
+* 2 Informational
+The documents are as follows:
+* [[Media:Oauth2-server-report-2.pdf|Audit report]]
+* [https://docs.google.com/document/d/1xSP-Cb3I2o1XtCK8EfYxdEBDpgDeLvinaFXRYvhbEeA/edit# Fix and validation log]
 ===Knot DNS===