Mozilla sponsored source code audit for Dovecot. So thanks to them we have our
first public code audit:
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#dovecot
Dates: October 2016 - January 2017
dovecot is a POP and IMAP mailserver; it is used in 68% of IMAP server
deployments worldwide. The audit was performed by Cure53.
The team found the following problems:
• 3 Low
The Cure53 team were extremely impressed with the quality of the dovecot code.
They wrote: "Despite much effort and thoroughly all-encompassing approach, the
Cure53 testers only managed to assert the excellent security-standing of
Dovecot. More specifically, only three minor security issues have been found in
the codebase, thus translating to an exceptionally good outcome for Dovecot,
and a true testament to the fact that keeping security promises is at the core
of the Dovecot development and operations."
