MOSS/Secure Open Source/Completed: Difference between revisions

← Older edit

MOSS/Secure Open Source/Completed (view source)

Revision as of 15:27, 17 August 2020

2,711 bytes added , 17 August 2020

date update

Ejjemba

23

edits

@@ Line 1: / Line 1: @@
 Secure Open Source has completed the following audits.
+==2019==
+===tcpdump & libpcap===
+Dates: 2019
+[https://www.tcpdump.org/ tcpdump & libpcap] are a powerful command-line packet analyzer and a portable C/C++ library for network traffic capture, respectively. The audit was performed by [http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html Michael Richardson].
+The team found the following problems:
+* 8 Verified Fixes
+The documents are as follows:
+* [https://blog.mozilla.org/netpolicy/files/2020/07/Tcpdump-Libpcap-IncludeSec-Code-Review-v1.pdf Audit report]
+* [https://blog.mozilla.org/netpolicy/files/2020/07/libpcap_tcpdump-change_fix-log.pdf Fix and validation log]
+===libssh===
+Dates: 2019
+[https://www.libssh.org/ libshh] is a multiplatform C library implementing the SSHv2 protocol on client and server side. The audit was performed by [https://cure53.de/ Cure53].
+The team found the following problems:
+* 1 Critical
+* 1 Medium
+* 7 Low
+* 3 Informational
+The documents are as follows:
+* [https://blog.mozilla.org/netpolicy/files/2020/07/pentest-report_libssh.pdf Audit report]
+* [https://blog.mozilla.org/netpolicy/files/2020/07/SSH-01-Fix-Verification.pdf Fix and validation log]
 ==2018==
-===OAuth 2.0 Server===
+===graphite===
+Dates: August 2018
+[https://scripts.sil.org/cms/scripts/page.php?site_id=projects&item_id=graphite_home graphite] is "a "smart font" system developed specifically to handle the complexities of lesser-known languages of the world. The audit was performed by [https://radicallyopensecurity.com/ Radically Open Security].
+The team found the following problems:
+* 1 Elevated
+* 9 Moderate
+* 11 Low
+The documents are as follows:
+* [https://wiki.mozilla.org/images/9/98/Graphite-report.pdf Audit report]
+* [https://docs.google.com/document/d/1LOkCQtkF0dDch56kzl5rqNM4layoTUVjaljSOFWMS5U/edit#heading=h.2li2rmo2r9oa Fix and validation log]
+===Thunderbird and Enigmail===
+Dates: January 2018
+[https://www.thunderbird.net/en-US/ Thunderbird] and [https://www.enigmail.net/index.php/en/ Enigmail] work together to provide a free, simple interface for OpenPGP email security. The audit was performed by [https://cure53.de/ Cure53].
+The team found the following problems:
+* 3 Critical
+* 3 High
+* 3 Medium
+The documents are as follows:
+* [https://wiki.mozilla.org/images/0/0b/Thunderbird-enigmail-report.pdf Audit report]
+* [https://docs.google.com/document/d/1rZvwX-GOt9iis__CkCLtSWlz0359d_TN_vs8qp9m5ps/edit?ts=5b576f00#heading=h.2li2rmo2r9oa Fix and validation log]
+===SimpleSAMLphp===
+Dates: January 2018
+[http://simplesamlphp.org/ SimpleSAMLphp] is an application written in native PHP that deals with authentication. The audit was performed by [https://cure53.de/ Cure53].
+The team found the following problems:
+* 1 Critical
+* 3 Medium
+* 1 Informational
+The documents are as follows:
+* [https://wiki.mozilla.org/images/3/34/SimpleSAML_audit_report_1.pdf Audit report]
+* [https://wiki.mozilla.org/images/f/fb/SimpleSAMLphp_SOS_Fund_Audit_Fix_Log.pdf Fix and validation log]
+===oauth2-server===
 Dates: September 2017 - February 2018
-OAuth 2.0 Server is the server for OAuth 2.0, an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2.0 provides authorization flows for web and desktop applications, and mobile devices. The audit was performed by [https://leastauthority.com/ Least Authority].
+[https://github.com/thephpleague/oauth2-server oauth2-server] is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP. The audit was performed by [https://leastauthority.com/ Least Authority].
 The team found the following problems: