Security audits of Home Assistant(www.home-assistant.io)

posted 1 year ago

Undearius@lemmy.ca

homeassistant@lemmy.world

8 commentshide report

All reported issues have been addressed as part of Home Assistant 2023.9, released on September 6, 2023

Cure53 found issues in Home Assistant, 3 of which were marked as “critical” severity
The GitHub Security Lab also audited Home Assistant and found six non-critical issues. Two of the issues overlapped with Cure53.
No authentication bypasses have been found

Sort:

Hot Top Controversial New Old

[ - ]

AliasAKA@lemmy.world

31 points

1 year ago

This is really awesome — open source allows for auditing. Not great that there are vulnerabilities, but these vulnerabilities also exist (and possibly more) in closed source software that doesn’t get audited to be fixed, just exploited. Hopefully these get patched soon!

permalink

report

[ - ]

linearchaos@lemmy.world

27 points

1 year ago

There are always vulnerabilities. Any vulnerabilities we find are cause to celebrate because they get fixed.

permalink

report

parent

[ - ]

monty33@lemmy.ml

13 points

1 year ago

Article says all were patched in 2023-09 release!

permalink

report

parent

[ - ]

AliasAKA@lemmy.world

3 points

1 year ago

Ah thank you, I should’ve read more closely :)

permalink

report

parent

[ - ]

rhymepurple@lemmy.ml

4 points

1 year ago

I agree that Home Assistant’s audit is a good thing. While I love that Home Assistant is open source, I’m not sure how that impacts the audit. Proprietary, closed source software can be audited with few differences from an open source software’s audit. The biggest difference is that you, myself, or anyone could audit open source software, but it would not be easy for that to happen with closed source software.

permalink

report

parent

[ - ]

Big P@feddit.uk

1 point

1 year ago

It’s easier to find something like XSS or auth bypass when you can read the code

permalink

report

parent

[ - ]

AliasAKA@lemmy.world

1 point

1 year ago

Sure, but closed source audits aren’t often made public. So we don’t know when, or how, closed source software is audited. Beyond just our ability to self audit open source, we often get better reporting on the contracted audits performed on open source software.

permalink

report

parent

[ - ]

Free Palestine 🇵🇸@sh.itjust.works

16 points

1 year ago

Nice to see that Home Assistant is audited!

permalink

report

homeassistant

!homeassistant@lemmy.world

Create post

Home Assistant is open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. Available for free at home-assistant.io

Community stats

408
Monthly active users
533
Posts
5.5K
Comments

Community moderators

GreatAlbatross@feddit.uk