Johns Hopkins University crypto professor Dr Matthew Green is to lead a security audit of OpenVPN 2.4.
The open source VPN project, published on GitHub, has been compiled for everything from Solaris to Windows, taking in various Linux and BSD distributions (including OS X) along the way, as well as Android and jailbroken iOS devices. It's also baked into firmware implementations like OpenWrt, Vyatta, DD-WRT and others.
It's also used by VPN provider Private Internet Access, and that's the company that's decided to fund the security review.
In a blog post, PIA's Caleb Chen writes that Dr Green is being paid to review Version 2.4, which is currently in beta, and when that version goes live, “the final version will be compared and evaluated to complete the security audit”.
Chen explains that PIA decided to fund the review itself, rather than crowd-sourcing it, “because of the integral nature of OpenVPN to both the privacy community as a whole and our own company.”
The post says the report will be shared with the OpenVPN community first, before publication, and PIA will help fix any bugs that turn up. ®