GeistHaus

2023 Security Audit

brew.sh

Homebrew had a security audit performed in 2023. This audit was funded by the Open Technology Fund and conducted by Trail of Bits. Trail of Bits’ report contained 25 items, of which 16 were fixed, 3 are in progress, and 6 are acknowledged by Homebrew’s maintainers. Below is the scope of testing, findings by severity, and mitigation and acknowledgements.

Our audit of Homebrew

This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself (home of the brew CLI), and three adjacent repositories responsible for various security-relevant aspects of Homebrew’s operation: Homebrew/actions: a repository of custom GitHub Actions used […]
