Open Source

Addressing the Hyperbole: OpenVPN Zero-Day Vulnerabilities

Recently, certain outlets incorrectly reported four zero-day vulnerabilities in OpenVPN2 that allow an attack called OVPNX. These reportedly included CVE-2024-27903, CVE-2024-27459, and CVE-2024-24974.  The news was alarming to many, as the OpenVPN2 protocol is used not only in OpenVPN’s commercial products, but in several other VPN providers’ products. However, the report contained several inaccuracies, and […]
May 6, 2024
Read More

Trail of Bits Validates Security Strength of OpenVPN

With over 60 million downloads of OpenVPN’s core open source software, 20,000+ business customers, and hundreds of companies who use the OpenVPN protocol in their own products, you may be wondering: Is the OpenVPN protocol safe? It’s a valid question. Recent survey results that found 96% of roughly 1,700 codebases contained open source software and […]
November 15, 2023
Read More

SouthEast LinuxFest 2023: Embracing Open Source and Building Connections

The SouthEast LinuxFest (SELF) is more than just an educational conference; it's a community-driven event where Linux enthusiasts and open-source advocates gather to learn, network, and have fun.
July 6, 2023
Read More

OpenVPN 2.6 Released

The OpenVPN community has announced the release of OpenVPN 2.6.0, a major update to the open source protocol behind OpenVPN, Inc. products. With this update, it will be easier and faster for users to secure their network connections, no matter their use case.
March 8, 2023
Read More

OpenVPN Community Hackathon of 2022

The OpenVPN community gathered again for a community Hackathon in Delft, Netherlands, from November 25 to 27, 2022 to work on the OpenVPN 2.6 release with data channel offload (DCO), a major feature we’ve worked on for nearly two years.
February 15, 2023
Read More

How Businesses Can Handle the Pandemic of Open Source Bugs

In mid-January, representatives from some of the world’s biggest tech companies and open source foundations were summoned to the White House. On the agenda: how to better manage the risks associated with open source software use.
February 15, 2022
Read More

We Now Have OpenVPN Data Channel Offload: Here's What That Means

Security is one of the most important things to consider when you are online. The more data encryption available, the better.
August 30, 2021
Read More

Google's SLSA Looks Good, But Is It Enough?

ast month, Google introduced “Supply chain Levels for Software Artifacts” (SLSA), an end-to-end framework to ensure the integrity of software artifacts throughout the software supply chain. It's a powerful first step -- but is it enough?
July 15, 2021
Read More

Why Open Source Security Really Is More Secure

Facebook. Apple. Capital One. Marriot. Time after time, companies we trust experience data breaches — but it’s the individual customers who suffer. They’re the ones whose personal and even financial data is exposed to the world. It’s only natural, therefore, that in the face of such frequent and growing cyberattacks, people will question what type […]
October 8, 2020
Read More

OpenVPN 3 Linux and --auth-user-pass

With OpenVPN 3 Linux, as with most newer releases, the community has improved upon the security. One of the ways this is done is by increasing requirements around user credentials.
September 9, 2020
Read More