Before Google, two other orgs have done security audits on dnsmasq - both OSS outfits. Neither found the long-existing CVE-2017-14491 vuln.
Cure53's audit was time boxed and found a few serious bugs. Hard to compare, apples to oranges, differing areas of coverage, resources, etc.
-
-
I missed the other audit done though. Who did the second one on dnsmasq?
-
Suse did one, years before cure53, but 14491 has been around a long time.
- 2 more replies
New conversation -
-
-
Not pointing fingers, contrasting OSS vs commercial.
-
Hm? Google, Suse, and Cure53 are all commercial firms. What's different is areas of focus, time spent, and testing methods.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.