NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice
for vulnerability and mitigation details, and the Network Time Foundation Blog
for more information. (January 2014)
The NTP Codebase undergoes security and defect audits from a number of sources, including:
Additionally, a number of project developers and interested parties in the Internet Community routinely scan the code looking for problems.