Leading consumer privacy and security company ExpressVPN has validated the security posture of all its desktop apps through three new independent audits by respected cybersecurity firms, Cure53 and F-Secure. The three new audits come just weeks after KPMG’s audit of ExpressVPN’s no-logs policy, underlining ExpressVPN’s dedication to third-party privacy and security verifications.
Cure53 tested both ExpressVPN’s macOS and Linux desktop apps through white-box penetration tests and source code audits. The assessments confirm that the apps are secured against cyber security threats from malicious adversaries. This also validates the extensive work done by ExpressVPN’s engineering and security experts in building a safer, more open internet for millions of people worldwide.
F-Secure also reviewed ExpressVPN’s Windows v12 app through penetration testing and source code auditing, and found no significant weaknesses. The audit verifies that ExpressVPN’s latest Windows desktop app cannot be manipulated to leak information, such as a user’s IP address, outside the VPN tunnel. It also confirms that the app is not susceptible to remote code execution attacks.
Having all of ExpressVPN’s desktop apps audited means that users can go online with the assurance that their privacy is protected, and do so confidently.
“As part of our continuous trust and transparency efforts, we’re proud to announce that all of our desktop apps have now been audited,” said Brian Schirmacher, penetration testing manager at ExpressVPN. “These audits are a testament to the efforts we put into improving and securing our product, and we’re glad to receive the validation from Cure53 and F-Secure. We’re committed to delivering audits on our mobile apps soon, and will continue to ensure privacy and security at every touchpoint of our product.”