To reduce instances of any malicious attacks, the next update of OpenVPN will be audited externally before the final release. A renowned cryptography expert will host the audit process and carry out the evaluation to identify vulnerabilities in the open source VPN technology.
VPN service provider Private Internet Access (PIA) is set to fund the audit for OpenVPN 2.4. It will be completed by noted cryptographer Matthew Green, assistant professor at the Johns Hopkins Information Security Institute. Dr. Green is famous in the world of applied cryptography and cryptographic engineering. He recently conducted an analysis of TrueCrypt, an open source full-disk encryption application.
“The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect,” PIA writes in a blog post.
Dr. Green will test the same version of OpenVPN that is presently available on GitHub. Once the beta build of this version is released to developers, its final release will be compared and evaluated to ensure a flawless experience for end users.
Independent audit over crowdfunded
PIA has stated that it preferred the independent audit over a crowdfunded approach to maintaining the integral nature of OpenVPN for both the privacy community and its own customers.
“Once the independent audit is completed, PIA will share the final report with OpenVPN prior to releasing the results to the public,” the PIA team added.