CAcert conducts CA Systems Audits and Code Audits.
CA Systems Audit #1
Criteria: The criteria chosen for this audit were established and written by David Ross. These are known within CAcert as DRC, for David Ross Criteria. CAcert was reviewed against all these criteria, some successfully and others not. The results are recorded on the Audit Browser. Other criteria exist.
Historical. Records of the progress are available at AuditPresentations. Some important prior events are recorded at AuditDirectives. Many early meetings were recorded by Advisory or ManagementSubCommittee; search on "AMinutes". Also see the many AuditPresentations. A high-level, readable but long and sweeping overview is at An Open Audit. RisksLiabilitiesObligations was highly influential in the development of policies.
CA Systems Audit #2
Current status is that early feelers were put out by the board for a new Auditor.
Iang's opinion: For CAcert's part however it is probably better to concentrate on getting the work required in Audit #1 done, and addressing the criticisms in resignation and also in Audit/CommunityReport20090623. Having done a good faith effort, we will have a stronger hand in discussions with a new Auditor.
The independent (external) code auditor is Francesco Ongaro.
Code audits are an important part of making CAcert even more secure. That is why we need reviews by security experts and experienced programmers, on both a periodic and an infrequent basis.
Please refer to AuditCode for more detailed information that may not be present on this page.
If you want to help us only once because you are already overloaded, or you are wondering where to start, just accept the license and download the sources archive. Once you have spotted a bug, mail us and we will work together on a resolution, and if you were kind to us your name will be added to the Credits section on the AuditCode page.