Pleasanton, Calif. (PRWEB) May 12, 2017
Minor security vulnerabilities revealed by an audit of OpenVPN, an open source security software providing a safer and more secure internet to millions worldwide, have been fixed. The Open Source Technology Improvement Fund, known as OSTIF, provided funding for the comprehensive security audit.
“OSTIF funded audits look for bugs, back doors, or other potential defects. The organization is a strong and independent advocate for free and open software that we are pleased to be part of. In our case, the audit effectively added yet another layer of security and confidence for the thousands of individuals, businesses and enterprises that use our OpenVPN software,” said Francis Dinha, CEO and Co-Founder of OpenVPN Inc.
The mission of OSTIF is to enhance worldwide digital security. In April, corporate nonprofit OSTIF revealed the results of the audit to the technology company. The audit was funded by several cybersecurity companies, including OpenVPN, all of whom have a special interest in making sure that the open source software is safe and secure. The bulk of the funding for the independent audit came from virtual private network (VPN) providers.
“A formal audit is very important for open source projects because it assures users that the software they are using is reviewed by an impartial third party, and that no hidden backdoors or vulnerabilities are being hidden by the authors,” said Gary McCloud, Vice President of Business Development at OpenVPN Inc.
Independent review helps to increase public trust. Closed-source companies have been heavily criticized for depending on 'security through obscurity.' They often keep vulnerabilities hidden and unfixed until someone exploits them in the real world.
OpenVPN 2.4.0 was audited for security vulnerabilities independently by QuarksLab and Cryptography Engineering between December 2016 and April 2017. The primary findings were two remote denial-of-service vulnerabilities. The issues discovered were minor.
“The denial of service vulnerability is a weakness in the software that allows an attacker to disable your service and make it impossible for legitimate users to use the software and your service properly. Fixing this means there is much less chance of someone bringing down your service from an attack,” said McCloud.
The denial of service vulnerabilities found have been fixed in OpenVPN 2.4.2 and 2.3.15, released on May 11, 2017. The two updates comprise the latest version for new users and a new patch for the older version that many users still depend on.
“The team was hard at work to fix these vulnerabilities and we appreciate the community coming together to make this happen. Customer and community confidence is important to us, and that’s who we’re ultimately here to serve,” said Dinha.
Founded in 2002, OpenVPN is a privately held company based in Pleasanton, California. OpenVPN Technologies has designed and deployed virtual network software that provides secure, reliable, and scalable communication services, not only fulfilling the requirements of the traditional virtual private network (VPN) market, but also addressing the demands of next wave web-scale VPN services.