The latest of the audit reports, for Jan-April, is now on the wiki. Much has happened since the last report, here are the headlines:

1. CAcert has a new Security Policy in DRAFT which covers the systems administrators, the Access Engineers, and also the Support and Software people.
2. With this in place, Audit will now visit the systems team in Ede, Netherlands in early May. This will be the first visit to review the systems against that Security Policy. My guess is that we will need 3 visits.
3. A new Software Development team met in Innsbruck last week to review the software and prepare the way forward. Their recommendation: total rewrite. The design was done during the week, and is documented. Next steps are to .. write the code! This is where we find out if coding is really as easy as talking 🙂 if you want to participate, and who wouldn’t want to be in the team that totally changes the face of CAcert … then keep an eye on the cacert-devel list.
4. Assurance Policy is now full POLICY.
5. Audit is now in high gear checking Assurances. See all the other blog posts.
6. On 16th May, in Munich, we will meet up with the heavy-hitting German Assurance team of Sebastian, Ulrich and Ted. There, we’ll talk about the results from the audit checks, and think about a roadmap for the future.

Big picture: Audit is in high gear. Much will be done, much will be checked. Now this might be “optimistic” but bear in mind that the resources are very limited. If there are any missteps, if there are any big delays, then CAcert is in trouble. We simply don’t have the time and money to delay this into the future.

So, watch out for appeals for help, and consider jumping into effort. You will be unhappy if you miss that chance, you will have nothing to tell your grandchildren after the war is over 🙂