It is planned to get a security code review / security audit for DokuWiki by SektionEins GmbH. This page intends to coordinate the needed community actions to organize the fundraising and other audit related processes.

See the following mailing list threads if you need more background information:

• [dokuwiki] Idea: buy a security audit for DokuWiki
• [dokuwiki] DokuWiki Security Audit

The estimated budget is 15 000 EUR.¹⁾ There will be fundraising campaign to organize the money.

Let's wait and see (why solve problems before they even exist?). However, there are several options:

• Start a second fundraising round.
• SektionEins said that a discount would be possible if we really book fifteen audit days.
• We can discuss if there are services we can disclaim to get “as much audit as possible for the budget we can organize”. SektionsEins told us that many Open Source projects don't buy a full security audit but setting a budget of e.g. 10.000 EUR plus trying to get as much audit as possible by dropping all services excluding the pure code audit (like the final audit report).

• Great! Just start a discussion on the mailing list or the forum.
• If your information has to be kept confidential/non-public, feel free to contact Andreas Haerter or Andreas Gohr.