VPN service Private Internet Access (PIA) has just announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN.
OpenVPN is an open source software application that implements various VPN techniques, and is used by millions of people. It’s available for a number of platforms (Windows, OS X, most Linux versions, Android, iOS, etc.)
PIA supports multiple VPN technologies, among them OpenVPN.
“Private Internet Access has contracted Dr. Green as an independent consultant to do a comprehensive evaluation of the version of OpenVPN that is currently available on GitHub and search for security vulnerabilities. Once OpenVPN 2.4 is out of beta and released, the final version will be compared and evaluated to complete the security audit,” the company explained.
“The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect. Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because of the integral nature of OpenVPN to both the privacy community as a whole and our own company.”
Once the audit is finished, OpenVPN will get a first look at it. The results will be publicly released only after the OpenVPN project has had a chance to fix them.
This announcement comes two weeks after the Open Source Technology Improvement Fund (OSTIF) announced a fundraiser for financing an audit of OpenVPN, and many VPN services pledged their support by contributing to it.
OSTIF has previously successfully raised funds for an independent security audit of TrueCrypt fork VeraCrypt, which was performed by QuarksLab.
PIA has not mentioned anything about this fundraising effort, and it’s currently unclear if their announcement is part of it.
UPDATE: It seems that there will be two separate security audits of OpenVPN.