[Council Meeting] Minutes from 2020-06-08
ben.bucksch at beonex.com
Mon Jul 6 23:39:16 UTC 2020
> Berna inquired if there are more thoughts on doing a code audit
> (related to crypto).
An important addition from the security standpoint: If you want to
secure the crypto users, the scope of an audit must be not only code
related to crypto, but 100% all of Thunderbird, when it comes to
critical security holes. Per definition
<https://www.mozilla.org/en-US/security/advisories/>, any critical hole
anywhere in Thunderbird allows an attacker to also read the private
keys, install a keylogger, and read all stored mail, and not only that,
but most other documents owned by that user on that computer, even
outside of mail. So, a security audit only of crypto related code is not
the right perspective.
The best start is to look for critical holes first, before looking for
Of course, given that all the crypto code is new, it's a good idea to
look at that as well.