We are starting to deploy Zammad within human rights and humanitarian use contexts. Our first task has been to work on a general hardened deployment configuration and container. We hope to share and publish this soon.
Beyond that, we were curious if there has been any third-party code audit, pen testing, or other external review of Zammad?
If so, were there any public outcomes?
If not, we would be interesting in help making this happen.