ExpressVPN blows away the competition on security audits - but what do they mean?

ExpressVPN blows away the competition on security audits - but what do they mean?

Briefly

"ExpressVPN says it has passed 27 independent security audits. The latest audit, conducted by penetration testing firm Cure53, examined the source code of each product for security flaws, vulnerabilities, or hidden surprises that could cast doubt on ExpressVPN's security posture and no-logs policy. Cure53 assessed ExpressMailGuard, an email masking service that allows users to generate unlimited anonymous email aliases, together with Identity Defender, a monitoring service for US users that scans public records, leaked online data dumps, and the dark web for indicators of identity theft."

"This brings ExpressVPN's overall audit count to 27. A full list can be found on ExpressVPN's , with audits performed by Cure53 and KPMG. Infrastructure: A VPN provider's infrastructure is often one of the first things examined in a security audit, provided it is in scope. Security experts may look at a wide range of factors, including server security, data storage and management, encryption, authentication controls, and network configuration."

"Source code: Sometimes, VPN providers will allow auditors to assess the source code of their software for inherent or hard-coded vulnerabilities, weaknesses, the use of default credentials, or programming errors. VPN apps: An assessment may also explore desktop, mobile, and browser extensions for coding issues, vulnerabilities, poor encr"