[GH-ISSUE #366] Security Audit #314

New issue

Open

opened 2026-02-25 21:34:43 +03:00 by kerem · 8 comments

kerem commented 2026-02-25 21:34:43 +03:00

Owner

Copy link

Originally created by @dumblob on GitHub (Dec 27, 2019).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/366

🗣 Suggestion

As discussed already before in https://github.com/jasonmunro/cypht/issues/11#issuecomment-283608217 , a security audit would be beneficial. Today I heard about Google Patch Rewards extending their offering to all open source projects. Cypht could try to apply 😉.

Originally created by @dumblob on GitHub (Dec 27, 2019). Original GitHub issue: https://github.com/cypht-org/cypht/issues/366 ## 🗣 Suggestion As discussed already before in https://github.com/jasonmunro/cypht/issues/11#issuecomment-283608217 , a security audit would be beneficial. Today I heard about [Google Patch Rewards](https://docs.google.com/forms/d/e/1FAIpQLSd8e9sUxexNHi7UcADE17iR5MtRUfRYReweCL2ULNbdY61gww/viewform ) extending their offering to all open source projects. Cypht could try to apply :wink:.

kerem added the

help wanted

label 2026-02-25 21:34:43 +03:00

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@Yamakasi commented on GitHub (Dec 28, 2019):

@dumblob I have discussed earlier with Jason to do a security audit which will (hopefully) be funded by me when possible.

Jason has a company he likes to get the audit done with but as I'm not ready to to go production it will be in Q2 of 2020 before I can discuss that with him further :)

<!-- gh-comment-id:569374470 --> @Yamakasi commented on GitHub (Dec 28, 2019): @dumblob I have discussed earlier with Jason to do a security audit which will (hopefully) be funded by me when possible. Jason has a company he likes to get the audit done with but as I'm not ready to to go production it will be in Q2 of 2020 before I can discuss that with him further :)

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@dumblob commented on GitHub (Dec 28, 2019):

@Yamakasi sounds interesting, keep us posted here. Btw. even if you want to fund it, it still makes a lot of sense to gather the funding from several different sites, so you can still take a look at Google Patch Rewards and other private or public sector sponsors.

<!-- gh-comment-id:569399651 --> @dumblob commented on GitHub (Dec 28, 2019): @Yamakasi sounds interesting, keep us posted here. Btw. even if you want to fund it, it still makes a lot of sense to gather the funding from several different sites, so you can still take a look at Google Patch Rewards and other private or public sector sponsors.

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@jasonmunro commented on GitHub (Jan 7, 2020):

@dumblob this looks worth giving it a shot. Even the "small" tier would likely cover a full security audit (based on old unofficial quotes but still). I will check out the application process and update this issue when I do.

<!-- gh-comment-id:571394990 --> @jasonmunro commented on GitHub (Jan 7, 2020): @dumblob this looks worth giving it a shot. Even the "small" tier would likely cover a full security audit (based on old unofficial quotes but still). I will check out the application process and update this issue when I do.

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@marclaporte commented on GitHub (May 31, 2020):

@Yamakasi : any news?

Thanks!

<!-- gh-comment-id:636468407 --> @marclaporte commented on GitHub (May 31, 2020): @Yamakasi : any news? Thanks!

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@marclaporte commented on GitHub (Jul 31, 2022):

Anyone want to lead this?

<!-- gh-comment-id:1200487100 --> @marclaporte commented on GitHub (Jul 31, 2022): Anyone want to lead this?

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@marclaporte commented on GitHub (Oct 22, 2022):

I am ready to co-sponsor a security audit on Cypht. We just need one more co-sponsor and we can proceed. Please contact me if you are willing to also be a co-sponsor.

<!-- gh-comment-id:1287947635 --> @marclaporte commented on GitHub (Oct 22, 2022): I am ready to co-sponsor a security audit on Cypht. We just need one more co-sponsor and we can proceed. Please contact me if you are willing to also be a co-sponsor.

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@dumblob commented on GitHub (Nov 8, 2022):

IDK - Mozilla again 😉?

<!-- gh-comment-id:1307234152 --> @dumblob commented on GitHub (Nov 8, 2022): IDK - [Mozilla again :wink:](https://blog.mozilla.org/en/mozilla/mozilla-launches-first-of-its-kind-venture-fund-to-fuel-responsible-tech-companies-products/ )?

kerem commented 2026-02-25 21:34:44 +03:00

Author

Owner

Copy link

@marclaporte commented on GitHub (Nov 8, 2022):

Ok, looking for a volunteer to draft up the request/proposal.

<!-- gh-comment-id:1307650729 --> @marclaporte commented on GitHub (Nov 8, 2022): Ok, looking for a volunteer to draft up the request/proposal.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

2.x

mta-sts-implementation

feat-compose-backspace-delete-recipients

release-2.5.1

add-tls3-support

1.4.x

enforce-coverage

release-2.4.2

strip_dns_prefetch_tags

fix_nightly_build

pr-title-validation-update

review-sent-email

revert-1339-fixed-tags-display

revert-1061-rem-cram-md5

sys-messages-revamp

revert-685-fixed-str-pos-warning-when-no-to

revert-590-empty-settings

release-1.3.0

revert-471-draft-add-warning

revert-454-feature/server-list-by-uniqid

php7.4-support

release-1.2.0

remove-mobile-media-queries

release-1.1.0

release-1.0.0

v2.7.0

v2.6.0

v2.5.1

v2.5.0

v1.4.7

v2.4.2

v2.4.1

v1.4.6

v1.4.5

v2.4.0

v2.3.0

v2.2.0

v1.4.4

v2.1.0

v2.0.1

v1.4.3

v2.0.0

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.3.0-rc3

v1.3.0-rc2

v1.3.0-rc1

v1.1.0

v1.1.0-rc4

v1.1.0-rc3

v1.1.0-rc2

v1.1.0-rc1

v1.0.0

v1.0.0-rc8

v1.0.0-rc7

v1.0.0-rc6

v1.0.0-rc5

v1.0.0-rc4

v1.0.0-rc3

v1.0.0-rc2

v1.0.0-rc1

Labels

Clear labels   

2fa

  

I18N

  

PGP

  

Security

  

Security

  

account

  

advanced_search

  

advanced_search

  

announcement

  

api_login

  

authentication

  

awaiting feedback

  

blocker

  

bug

  

bug

  

bug

  

calendar

  

config

  

contacts

  

core

  

core

  

devops

  

docker

  

docs

  

duplicate

  

dynamic_login

  

enhancement

  

epic

  

feature

  

feeds

  

framework

  

github

  

github

  

gmail_contacts

  

good first issue

  

help wanted

  

history

  

history

  

imap

  

imap_folders

  

inline_message

  

installation

  

keyboard_shortcuts

  

keyboard_shortcuts

  

ldap_contacts

  

mobile

  

need-ssh-access

  

new module set

  

nux

  

pop3

  

profiles

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactor

  

release

  

research

  

saved_searches

  

smtp

  

strategic

  

tags

  

tests

  

themes

  

website

  

wordpress

No labels

2fa

I18N

PGP

Security

Security

account

advanced_search

advanced_search

announcement

api_login

authentication

awaiting feedback

blocker

bug

bug

bug

calendar

config

contacts

core

core

devops

docker

docs

duplicate

dynamic_login

enhancement

epic

feature

feeds

framework

github

github

gmail_contacts

good first issue

help wanted

history

history

imap

imap_folders

inline_message

installation

keyboard_shortcuts

keyboard_shortcuts

ldap_contacts

mobile

need-ssh-access

new module set

nux

pop3

profiles

pull-request

question

refactor

release

research

saved_searches

smtp

strategic

tags

tests

themes

website

wordpress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/cypht#314

No description provided.