On Thursday, 5 September 2019, 11:37:27 CEST, Konstantin Boyandin via Exim-users wrote:
> Just curious, whether Exim is regularly tested for vulnerabilities as
> it's developed?

This is a bit of a simple view of software security. There is no internet software without any security issues, as it is impossible to "write secure software".

At least one of the CVEs was initiated by an Exim developer who found problems while working on "his" own (earlier) code - this is not a "standard case" in many OS software projects (even less proprietary). And at least some of the CVEs only affected a sub-amount of the users.

From my view it seems that Exim's code is getting much more auditing attention since 2019 than before (which - for me - is a good sign).

> The critical security updates are being announced way too often last
> year.

Hmm, another option would be to choose software which did not get any security updates, because no one checks / audits them so far or, if so, publishes its knowledge to the users....

Regular / fast security updates / patches are necessary on any internet host today (is no "honeypot" or similar) - independent from Exim.

best regards,

niels.

--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
