![]() No access to production VPN servers or infrastructure was granted to members of the cure53 team.Ī total of 9 issues (3 high, 2 medium, 3 low, 1 info) were discovered, all of which were either immediately resolved or have since been resolved. A white-box approach was used whereby Cure53 was given full access to all our code repositories and a dedicated audit environment created to replicate our exact production environment. ![]() The scope of the audit was very extensive and included our public VPN service infrastructure, our internal backend servers supporting our VPN service and penetration testing of our public web servers. We hope that publishing the results of these audits increases our customer’s confidence in the security of our systems and demonstrates our commitment to operating transparently wherever possible. However, an audit only provides a snapshot of the systems in scope during the period in which it was conducted. The audit identifies vulnerabilities that may affect the security or privacy of our customers and provides recommendations on how to resolve them. The purpose of the audit was to evaluate the security of our information systems by measuring how well they conform to a set of security best practices. ![]() The audit was conducted by 6 members of the Cure 53 team over 21 man-days in late November and December. We’re pleased to announce that an independent security audit of the IVPN service conducted by Cure53 has concluded. ![]()
0 Comments
Leave a Reply. |