“Cure53 is happy to state that test preparation, test execution and also the fix verification, which is one of the most important parts of such an audit, went smoothly and professionally. The fact that no critical threats were found reinforces RealVNC’s focus on ensuring its customers remain safe from threats when using VNC Connect. The Cure53 team is highly motivated to find issues when completing white box penetration tests. “At RealVNC, we operate from the standpoint that no company should ever take a vendor’s word for it when they claim their software is secure, which is why we chose to complete a white box audit with a highly regarded security consultancy to prove it,” said Andrew Woodhouse, CIO of RealVNC. Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed - with the fixes confirmed by Cure53 - while the other six were flagged as either false-alerts or works-as-intended and evaluated to be of lower risk. With Cure53’s report, buyers can be confident that choosing RealVNC as their remote access vendor will never be a regret,” said Adam Greenwood-Byrne, CEO of RealVNC.Ī white box security audit is significantly more in-depth than the more common black box penetration test (which RealVNC also commissions by an external organization annually), as the auditors have access to all of the source code, binaries and API/protocol documentation. This is especially true for remote access software where the stakes are high, and a mistake could be reputationally damaging or even existential. IT buyers of remote access technologies should expect no less than independent and comprehensive third-party validation of vendor claims. “As the technologists responsible for bringing remote access to the mass market, we are today setting new standards and expectations for security in the face of the challenges of the modern IT environment. The report states, in conclusion, that RealVNC places a strong focus on the security posture of all its components. The comprehensive audit, which took 86 person days and included VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, found 38 security-relevant discoveries, none of which were critical and only three were deemed high severity, and these were fixed immediately. CAMBRIDGE, England-( BUSINESS WIRE)- VNC Connect by RealVNC, the remote access service used by hundreds of millions of people worldwide, was audited by Cure53, the Berlin, Germany-based IT security consultancy who have also audited other industry leading software such as Mozilla VPN, 1Password and Bitwarden.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |