A 12 months in the past, we publicly dedicated to investing in a higher frequency and amount of third-party audits. We pledged to interact extra unbiased cybersecurity consultants to evaluate our merchandise and validate the accuracy of our safety claims. Prior to now 12 months alone, we now have revealed new unbiased audits of all of our cellular and desktop apps, our privateness coverage, and key applied sciences equivalent to TrustedServer, the Aircove router, and our Keys password supervisor.
As we speak, we’re joyful to share our newest audit—that of Lightway, an open-source VPN protocol that we constructed from the bottom up. The evaluation was carried out by Cure53 in October and November 2022, and the challenge included a penetration take a look at and a devoted audit of Lightway’s supply code.
Lightway is a crucial expertise; a VPN protocol kinds the inspiration of a VPN service, shaping each side of your expertise. This is the reason we invited Cure53 to audit Lightway for a second time (the first evaluation of Lightway was accomplished in 2021), and in addition expanded the scope of testing.
We’re proud to say that Cure53 issued a really constructive report, figuring out 5 low-severity points and 4 informational points. No vital, excessive, or medium points have been discovered. We’ve got since remedied all addressable points raised within the report, as additionally confirmed by Cure53 throughout a re-test in February 2023.
“Drawing on the mix of things, specifically the great protection, low variety of findings, and an absence of high-impact issues, it may be concluded that this Cure53 evaluation of the ExpressVPN Lightway parts concludes with a constructive outcome,” Cure53 states in its report.
In abstract, Cure53 discovered Lightway to be “in an excellent state of safety.” Learn Cure53’s full audit report for Lightway.
Our dedication to belief and transparency
With this newest evaluation, ExpressVPN has accomplished and revealed 12 third-party audits previously 12 months alone. This additionally signifies that we now have revealed extra audit reviews than anybody else within the VPN business, additional growing the belief and transparency of our service.
Here’s a checklist of all our previous exterior audits, ordered chronologically:
These assurance engagements and safety assessments complement our different belief and transparency efforts, together with launching the VPN Belief Initiative, our bug bounty program, and publicly detailing our safety practices.
We’re proud that we’ve helped to drive the VPN business ahead with expertise improvements equivalent to Lightway and TrustedServer. Our newest spherical of audits with unprecedented comprehensiveness is one other instance of how we’re main the business ahead to provide web customers higher privateness and safety.
