POP and IMAP mailserver suite Dovecot has passed an extensive audit by hackers, who were able to find only three minor vulnerabilities. Dovecot is especially popular with service providers, so the news that four Cure53 researchers have given it a “thoroughly all-encompassing” audit and found the software to have “excellent security-standing” is welcome news. The Mozilla Mozilla Open Source Support-backed audit performed by Berlin-based Cure53 lasted 20 days and produced a report [PDF] dubbing the server “near impenetrable”. The team says the small number of vulnerabilities is impressive considering Dovecot’s highly complex codebase. “As for the latter, a considerable length of 20 days of testing over the two months of October and November of 2016 attest to a near-impenetrable security disposition of the Dovecot suite,” the auditors say in their report. “Quite clearly, this is a refreshingly pleasant result, which should by no means be taken-for-granted, or perceived as the ‘usual standard’ in the mature and complex software environments of similar kind.”
Original source: The Register
View full story