This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] Code Audit Report for RPKI
- Previous message (by thread): [routing-wg] Code Audit Report for RPKI
- Next message (by thread): [routing-wg] Weekly Global IPv4 Routing Table Report
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bart Bakker
bbakker at ripe.net
Fri Dec 10 16:31:51 CET 2021
Dear Job, Thanks for taking interest. > On Dec 9, 2021, at 3:46 PM, Job Snijders <job at fastly.com> wrote: > > Thank you for sharing this. Both the audit report and the response to > the audit report seemed comprehensive and informative. > > Out of curiosity, will RIPE NCC employ a different (new) auditor in > 2022? Periodically changing auditors can potentially help increase the > diversity in terms of perspective on code and security. Each auditor > represents 'fresh eyes', a useful characteristic when dealing with > complex systems. We agree on this. Preliminary to making an audit, we select an auditing company that best matches our criteria for the specific audit. In 2021, we found that Radically Open Security best fit our requirements for our needed audits. In 2020, we had penetration tests done by a different auditing company. Through this exercise, we also found that not all auditors allow the publication of the results. Since this is something we value, we will continue to select auditors that allow us to make the results publicly available. Having different perspectives is another important criterion, so we'll make sure we explore other vendors during the selection process. Hope this helps. Kind regards, Bart Bakker RIPE NCC
- Previous message (by thread): [routing-wg] Code Audit Report for RPKI
- Next message (by thread): [routing-wg] Weekly Global IPv4 Routing Table Report
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]