marfcat SATE.6 testing on dovecot-2.0.beta6 Human Evaluation
============================================================

This submission _complements_ the previous submission with
my evaluation of a particular non-empty report for Dovecot.

The report of interest:

  report-cweidnoprepreprawfftcos-dovecot-2.0.beta6-wireshark-test-cwe-eval.xml

It appears though form the first glance most of the are 'bogus' or
'buggy', but could indicate potential presence of weaknesses in the
flagged files. The files themselves appear interesting in that that
kind of files are likely to have security-related weaknesses, but
as-is the major weakness identified is the near complete lack of
comments from the developers describing their intentions. The code
documentation can be definitively done better for something that
is heavily deployed and used on servers.

The others that came up empty, are not repeated in this submission; nor
the log files are included -- all those and the raw report for this
submission are in  dovecot-2.0.beta6-marfcat-SATE.6.tar.bz2

The report validates under sate_2010.xsd, but not pathcheck as it
includes a spurious shell script file in the analysis by a previous
regex bug.

The source for learning was Wireshark 1.2.0.

--
Serguei A. Mokhov
mokhov@cse.concordia.ca
