CAcert conducts CA Systems Audits and Code Audits.
CA Systems Audit #1
For period 20060101 to 20090612, Independent Auditor (external) was Ian Grigg, better known as Iang. This role was resigned 20090612, without completion of the audit.
Criteria: The criteria chosen for this audit were were established and written by David Ross. These are known within CAcert as DRC for David Ross Criteria. CAcert was reviewed against all these criteria, some successfully, and others not. The results are recorded on the Audit Browser. Other criteria exist.
Actual: The AuditToDo has current status of tasks, also see PolicyDrafts. Everything with a red cross on Audit Browser has to be addressed. AuditWishList is a set of notes for the future.
Historical. Records of the progress are available at AuditPresentations. Some prior important events at AuditDirectives. Many early meetings were recorded by Advisory or ManagementSubCommittee, search on "AMinutes". Also see the many AuditPresentations. A high-level, readable but long sweeping overview is at An Open Audit. RisksLiabilitiesObligations was highly influential in the development of policies.
Administrative. This Audit received a significant financing boost under a grant by NLnet which is documented in the NLnet MoU. A summary of how the money was spent is at AuditBudget.
CA Systems Audit #2
Current status is that early feelers were put out by the board for a new Auditor.
Iang's opinion: For CAcert's part however it is probably better to concentrate on getting the work required in Audit #1 done, and addressing the criticisms in resignation and also in Audit/CommunityReport20090623. Having done a good faith effort, we will have a stronger hand in discussions with a new Audior.
Internal Audit
Code Audits
Independent code auditor (external) is Francesco Ongaro.
Code audits are an important part in making CAcert even more secure, that’s why we need reviews by security experts and experienced programmers both on periodic and infrequent basis.
Please refer AuditCode for more detailed informations that could be not present on this page.
If you want to help us only once since you are already overloaded or you are wondering where to start just accept the license and download the sources archive. Once you have spotted a bug mail us and we will work together for a resolution and if you were kind to us your name will be added to the Credits section on the AuditCode page.