Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
MOSS/Secure Open Source/Completed: Difference between revisions
MOSS/Secure Open Source/Completed (view source)
Revision as of 11:38, 15 September 2017
, 15 September 2017Add chrony
(Add expat audit) |
(Add chrony) |
||
| Line 2: | Line 2: | ||
==2017== | ==2017== | ||
===chrony=== | |||
Dates: June - September 2017 | |||
[http://chrony.tuxfamily.org/ chrony] is an implementation of the Network Time Protocol, used either to set the time on a particular machine or act as an NTP server for other machines on the network. The audit was performed by [https://cure53.de/ Cure53]. | |||
The team found the following problems: | |||
* 2 Low | |||
Cure53 write: The overwhelmingly positive result of this security assignment performed by three Cure53 testers can be clearly inferred from a marginal number and low-risk nature of the findings amassed in this report. Withstanding eleven full days of on-remote testing in August of 2017 means that Chrony is robust, strong, and developed with security in mind. The software boasts sound design and is secure across all tested areas. It is quite safe to assume that untested software in the Chrony family is of a similarly exceptional quality. In general, the software proved to be well-structured and marked by the right abstractions at the appropriate locations. While the functional scope of the software is quite wide, the actual implementation is surprisingly elegant and of a minimal and just necessary complexity. In sum, the Chrony NTP software stands solid and can be seen as trustworthy. | |||
The documents are as follows: | |||
* [[Media:Chrony-report.pdf|Audit report]] | |||
* [https://docs.google.com/document/d/1HpGgX4r-81BWfPmas7L2WGfByJrVEIc4hAOXLEaaV_4/edit# Fix and validation log] | |||
===expat=== | ===expat=== | ||