Search
Mastodon logo
Instagram logo
Bluesky logo
Github logo
menu
07/31/23
News

OTF & Trail of Bits’ Independent Security Audit of Save

Through support from the Open Tech Fund's (OTF) Red Team Lab, OpenArchive successfully completed a third-party security audit conducted by Trail of Bits.

At OpenArchive, we strive to make our Save app as safe as possible. Through support from the Open Tech Fund's (OTF) Red Team Lab, we successfully completed a third-party security audit conducted by Trail of Bits. Please find the OTF report here. We are pleased with the results and hope our stakeholders can take comfort in knowing our tool is secure.

Outcomes: Our tech team was able to resolve all high-severity security vulnerabilities identified in the audit. However, due to architectural constraints and third-party dependencies, we were only able to partially resolve some issues. Below, we map our plan to address outstanding issues.

Save iOS

Trail of Bits finished their initial audit of the iOS version of the Save app in Winter of 2023 and then reviewed the fixes and mitigations implemented by the OpenArchive team to resolve the issues identified in their initial audit report.

Save Android

Trail of Bits finished their initial audit of the Android version of the Save app this Spring 2023 and then reviewed the fixes and mitigations implemented by the OpenArchive team to resolve the issues identified in their initial audit report. We have addressed and solved most of the issues identified by Trail of Bits.

There are some issues that are either partially resolved or not resolved yet. These issues either do not represent a threat to Save users, are not directly exploitable, or are dependent on third-party libraries that we use.

OpenArchive’s team addressed and solved most of the issues identified by Trail of Bits. There are some issues that are either partially resolved or not resolved yet. These issues either do not represent a threat to Save users, are not directly exploitable, or are dependent on third-party libraries that we use.

Further information

If you are interested in the individual issues addressed in the report and how we solved them you can read OTF's Report here.

The Trail of Bits audits are on GitHub for Android and for iOS.

We have also published our own detailed summary of partially or unresolved issues and how we addressed or will address them.