Boost logo

Boost :

Subject: Re: [boost] [beast] Security
From: Rene Rivera (grafikrobot_at_[hidden])
Date: 2017-12-13 15:03:18


On Wed, Dec 13, 2017 at 8:21 AM, Vinnie Falco via Boost <
boost_at_[hidden]> wrote:

> On Tue, Dec 12, 2017 at 8:57 PM, Marshall Clow via Boost
> <boost_at_[hidden]> wrote:
> > I can heartily recommend the project OSS-Fuzz.
> > https://github.com/google/oss-fuzz
>
> Lets not bury the lede here. It is great that I have personally fuzzed
> Beast and written extensive tests with high coverage but the point of
> the report is that Beast has been investigated by an impartial third
> party who specializes in security reviews.
>

That is indeed a very good development. I wish other libraries could get
such security treatment. It might be worth investigating if we can get
sponsors to perform such audits on other libraries in exchange for a
mention along side the audit report.

-- 
-- Rene Rivera
-- Grafik - Don't Assume Anything
-- Robot Dreams - http://robot-dreams.net

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk