Dear Bart, RIPE NCC RPKI team, On Fri, Dec 03, 2021 at 12:47:05PM +0100, Bart Bakker wrote: > Continuing from the work we started last year on strengthening our > security compliance, we have asked an external party to carry out a > security audit of our RPKI code. This was an important element in > preparation for open sourcing the RPKI core code, which will be done > in early January 2022.
That is welcome news! > We are publishing the security report for the second year in an effort > to increase transparency and trust in the RPKI system. On our website > [0], you will now find the code audit report written by Radically Open > Security 2021 and our response to their findings. > > We hope you will find these reports useful, and we look forward to > your feedback. > > [0] - > https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/security-and-compliance Thank you for sharing this. Both the audit report and the response to the audit report seemed comprehensive and informative. Out of curiosity, will RIPE NCC employ a different (new) auditor in 2022? Periodically changing auditors can potentially help increase the diversity in terms of perspective on code and security. Each auditor represents 'fresh eyes', a useful characteristic when dealing with complex systems. Kind regards, Job -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/routing-wg
