Private Internet Access, which is a VPN provider, announced this week that it is going to fund an audit of OpenVPN 2.4. The audit will be led by Dr. Matthew Green, assistant professor at the John Hopkins Information Security institute. According to PIA’s announcement,
Private Internet Access has contracted Dr. Green as an independent consultant to do a comprehensive evaluation of the version of OpenVPN that is currently available on GitHub and search for security vulnerabilities. Once OpenVPN 2.4 is out of beta and released, the final version will be compared and evaluated to complete the security audit.
The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect. Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because of the integral nature of OpenVPN to both the privacy community as a whole and our own company.
Once the independent audit is completed, Private Internet Access will share the final report with OpenVPN prior to releasing the results to the public. Furthermore, we will work with OpenVPN to ensure that any discovered vulnerabilities are fixed before publishing.
This is excellent news. Nice to see a company that relies on these open Internet systems to put some money up to ensure their users are secure.