1. 57

Report here.

dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server deployments worldwide. The audit was performed by Cure53.

The team found the following problems: 3 Low

The Cure53 team were extremely impressed with the quality of the dovecot code. They wrote: “Despite much effort and thoroughly all-encompassing approach, the Cure53 testers only managed to assert the excellent security-standing of Dovecot. More specifically, only three minor security issues have been found in the codebase, thus translating to an exceptionally good outcome for Dovecot, and a true testament to the fact that keeping security promises is at the core of the Dovecot development and operations.”

  1.  

  2. 14

    From the end of the audit fix log document:

    Mike Wege (Cure53): I commend you for your proactive approach, we didn’t even check those warnings.

    When the developers are stricter than the auditors, you’re doing OK, I think.