Thanks to funding from NLNet and ISRG,
the sudo-rs team was able to request an audit from Radically Open Security (ROS).
In this post, we'll share the findings of the audit and our response to those findings.
ROS performed crystal-box penetration...
Conspiracy theory: the workgroup found an RCE vulnerability and assigned it identifier CLN-002 but never disclosed it to public and instead sold it to (CIA|DHL|MiB)
Conspiracy theory: the workgroup found an RCE vulnerability and assigned it identifier CLN-002 but never disclosed it to public and instead sold it to (CIA|DHL|MiB)