1. 57

Report here.

dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.

The team found the following problems: 3 Low

The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: “Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations.”


  2. 14

    From the end of the audit fix log document:

    Mike Wege (Cure53): I commend you for your proactive approach, we didn’t even check those warnings.

    When the developers are stricter than the auditors, you’re doing OK, I think.