In September/October 2021, we had our open source software Stereum audited by an independent external auditor for the first time.
Thanks to the helpful guys at SBA Research, we found some important security vulnerabilities that we had left in Stereum 1.6 and earlier versions. With releases 1.7 and 1.8 we had already fixed most of the bugs of medium severity and above. After they were fixed, the public was able to see them on our GitHub page.
Quote from the report: “The architecture of the complete system seems to be well thought out. The concept that all the communication between the server and the client is done over SSH helps shifting many common problems to SSH, which is a battle-proven protocol and implementation. The intentional limitations of the system, like that it has no multi-user support, reduce the complexity, and thus also help reducing the attack surface.”
About SBA Research:
SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.