LeastAuthority Report

Fabio (naif) Pietrosanti edited this page Jun 3, 2014 · 5 revisions

GlobaLeaks has received its first source code audit, conducted by LeastAuthority. The audit was carried out in Q1 2014 and was sponsored by the Open Technology Fund (RFA). The penetration test yielded a total of 11 issues, along with several additional design and implementation suggestions.

The complete report is available at: LeastAuthority-GlobaLeaks-Pentest-Report.pdf

A blog post about it is available on the Least Authority website.

All of the security issues identified have been properly fixed, and the approach used to solve each problem was discussed with LeastAuthority.

Below we list all issues with their status and references to GitHub commits where available.

Fixed issues

Open issues

The GlobaLeaks team would like to thank LeastAuthority for the audit and the Open Technology Fund for sponsoring this event.