The Go programming language underwent a security audit by Trail of Bits, focusing on its cryptography packages. The audit highlighted one low-severity issue and several informational findings, primarily concerning timing side-channels and memory management in the legacy Go+BoringCrypto integration. The Go team has addressed these issues in the upcoming Go 1.25 version. The audit validates Go's commitment to developing robust cryptographic libraries, with future plans to enhance post-quantum cryptography and simplify high-level cryptography APIs.
Table of contents
One low-severity finding ¶Five informational findings ¶Timing Side-Channels ¶Cgo Memory Management ¶Implementation Completeness ¶1 Comment
Sort: