tananaev / passport-reader

e-Passport NFC Reader Android app

Cryptographic API misuses #46

Open misterAnderson90 opened 2 years ago

misterAnderson90 commented 2 years ago

I'm a PhD student interested in finding security vulnerabilities in open source projects.

We found a total of 48 warnings (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on e-Passport NFC Reader (or its library dependencies). We documented each one of these issues in private gists for the sake of confidentiality (non-disclosure).

Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. the severity of these warnings), to improve e-Passport NFC Reader's security, and to improve the quality of the reports produced by static analysis tools.

(*) https://github.com/CROSSINGTUD/CryptoAnalysis