[routing-wg] Code Audit Report for RPKI
- Previous message (by thread): [routing-wg] Code Audit Report for RPKI
- Next message (by thread): [routing-wg] Code Audit Report for RPKI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at fastly.com
Thu Dec 9 15:46:32 CET 2021
Dear Bart, RIPE NCC RPKI team, On Fri, Dec 03, 2021 at 12:47:05PM +0100, Bart Bakker wrote: > Continuing from the work we started last year on strengthening our > security compliance, we have asked an external party to carry out a > security audit of our RPKI code. This was an important element in > preparation for open sourcing the RPKI core code, which will be done > in early January 2022. That is welcome news! > We are publishing the security report for the second year in an effort > to increase transparency and trust in the RPKI system. On our website > [0], you will now find the code audit report written by Radically Open > Security 2021 and our response to their findings. > > We hope you will find these reports useful, and we look forward to > your feedback. > > [0] - https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/security-and-compliance Thank you for sharing this. Both the audit report and the response to the audit report seemed comprehensive and informative. Out of curiosity, will RIPE NCC employ a different (new) auditor in 2022? Periodically changing auditors can potentially help increase the diversity in terms of perspective on code and security. Each auditor represents 'fresh eyes', a useful characteristic when dealing with complex systems. Kind regards, Job
- Previous message (by thread): [routing-wg] Code Audit Report for RPKI
- Next message (by thread): [routing-wg] Code Audit Report for RPKI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]