VPN service Private Internet Access (PIA) announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. However, it seems that there will be two separate security audits of OpenVPN.
“On November 22, we saw that an organization called OSTIF had announced that they had wanted to raise money in hopes of auditing OpenVPN 2.4. By the time OSTIF’s OpenVPN audit fundraising drive was announced, we were already 3 weeks into the audit process with Dr. Matthew Green,” a PIA staffer explained, and noted that the CEO of OpenVPN welcomed their effort.
PIA won’t join OSTIF’s effort, but will continue with its own. “We believe it is a good thing for multiple audits to be conducted,” the staffer added.
OSTIF will also continue with their plan, and the good news is that they have already raised half of the funds they intend to allocate to this effort.
“The audit will be carried out by QuarksLab in Paris. Their exemplary job on a shoestring budget for the VeraCrypt audit has encouraged us to move forward with them on future projects,” they shared. The audit process will be under way by January 1st, 2017, as planned.
“We had been collaborating with OpenVPN Technologies and the community on this effort for over six months, and carefully planning the fundraising and timing for the project,” they added.
“We also took significant steps to try to select auditors who are not from nations in the Five-Eyes Intelligence Alliance because the OpenVPN Technologies staff is largely from Fox-IT, whose parent company is NCC Group, which has close ties with the government of the United Kingdom. We wanted to avoid any situation where it could be viewed by the world that a five-eyes company was auditing an app created in a five-eyes nation.”