By Neil Cook, Chief Security Architect
Well, as 2017 kicks off, we have some great news to share. One of the things we take very seriously here at Open-Xchange is the security of our software. For us this is a ground-up process that involves every aspect of the software lifecycle, including coding practices, design, static and dynamic analysis, comprehensive QA and a bug-bounty program. In addition to those, another important aspect of releasing secure software is auditing it for security vulnerabilities. We’re really pleased to announce that Mozilla, via the Mozilla Open Source Support program, has conducted a security audit of the Dovecot software, the first public audit of the Dovecot code. You can find the report here: https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot.
The company that conducted the audit (Cure53) was extremely impressed with the quality of the Dovecot code. They wrote: “Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations.”
We’d like to thank Mozilla for making this audit possible, and for helping to ensure that not only Dovecot but also many other open-source software projects are more secure.
You can find out more information about the Mozilla Open Source Support program here: https://www.mozilla.org/en-US/moss/