Re: [mosquitto-dev] Security audit for Eclipse Mosquitto

Roger Light <roger@xxxxxxxxxx> writes:

> * Security of the build pipeline

Is this about a specific CI setup, or about the scripts assuming they
are run by end users?

> * Search for use-after-free and/or buffer overflow
> * Usage of OpenSSL/cJSON/c-ares

I agree that OpenSSL usage is a reasonable thing to look at.

I would think that an organization that does audits would be able to run
their automated tools more or less en masse and then present results,
which are perhaps overly verbose and too false-positivy, and then spend
labor hours on figuring out what matters.
