We are glad to announce that Perfect Privacy is funding and supporting a security audit of the OpenVPN code base. The audit is performed by the Open Source Technology Improvement Fund (OSTIF) who previously did a code audit of VeraCrypt, the de-facto successor of TrueCrypt.
If the fundraising goals are met, the audit is planned to start in February 2017 and will take approximately 45 days. Once the auditing process is completed, the results of the audit are given to the OpenVPN developers, so they can review the findings and have time to implement fixes. After the OpenVPN team is satisfied that any critical vulnerabilities have been fixed, the results are given to OSTIF who will release the results on their website.
We believe that it is our responsibility to provide the best possible security for users relying on our service. OpenVPN is a key component in our product and as such a qualified security audit is in the interest of all our users. OSTIF also accepts smaller donations from individuals, so if you want to support the OpenVPN audit financially, consider donating to OSTIF yourself. At the time of the initial publication of this blog post, OSTIF has reached about 60% of the fundraising goal of $71,000.
We will inform you about the process of this audit in our blog. Also, you can find more information in the OSTIF blog.