The OpenSMTPD audit, a debrief
by from OpenBSD Journal on (#QBXS)
As mentioned in a previous article, the OpenSMTPD code has seen its first independent audit, which lead to a series of errata and commits. Now main OpenSMTPD developer Gilles Chehade (gilles@) posted a summary of the audit and recent events to the misc@opensmptd.org mailing list, with discussion of the bugs found and some forward-looking statements:
EHLO folks,Read more...As you can probably figure this has been a rough week and we didn't evenhave time to debrief on our own mailing-list, so now is the time.
I've been asked a year ago if I was interested in having a code audit bythe guys from Qualys. Having people actively searching for issues in thecode for us and helping us fix them proactively was just too good not toaccept given our small man-power.