Security of Matrix and Mastodon Analyzed for the BSI

September 2, 2024 |

Tags: SAST

Static Code Analysis (SAST) of Open Source Software

On behalf of the German Federal Office for Information Security (BSI), we examined the source code of the open source applications Mastodon and Matrix for their security using static code analysis. In Mastodon, two vulnerabilities with increased hazard potential and several other security-relevant problems were discovered, which were immediately reported to the developers and mostly fixed. Some, albeit less serious, security problems were also identified in Matrix. The project aims to improve the security of popular open source software, especially for applications used by authorities or private users. The initiative will be continued with other open source applications.

The analysis was carried out in autumn 2023 and published on August 30, 2024.

BSI Report
Article on Heise Online

The Author

Mirko Richter

Mirko Richter is a Software Security Consultant, Source Code Analysis Specialist and Training Manager for basic training courses up to advanced coding and Secure SDLC training. He has been involved in software development, architecture and security since the mid-90s. He is a speaker at conferences and author of several technical articles.

mgm technology partners

mgm consulting partners

mgm integration partners

mgm security partners

QFS Quality First Software

Application Security Testing

Cyber Security Testing

Infrastructure Security Testing

Governance & Compliance

Security Culture & Human Risk

Application Security Basics

Application Security in Practice

Penetration Testing

Security of Matrix and Mastodon Analyzed for the BSI

Static Code Analysis (SAST) of Open Source Software

The Author