We're so happy to release the results of our 4th annual independent security audit. It seems like just yesterday when we sent our Bears in for their very first security checkup in 2016, but here we are. 2021. Boy, have things been weird this last year (and counting).

2020 impacted the world in so many ways; we're still feeling the effects in 2021. Globally, people transitioned to life online for work and to stay connected to the world outside. However, as more people work from home than ever before, the internet has shown just how vulnerable the internet's infrastructure, companies, and people are.

Workers that would typically count on the safety of their office networks have had to rely on unsecured home routers to protect confidential information. Working from home suddenly meant scrambling to buy new computers, secure routers, anti-virus software, and a VPN to help protect all of that data from threats they'd never considered.

The move to life online has inspired us to work even harder to make sure the TunnelBear network can help keep your private data safe and sound. Let's look at this year's results.

2020 Testing

2020's testing started in October, and for 40 days, nine members of Cure53 scoured through every nook and cranny of TunnelBear's apps, code, and infrastructure. This year marks the fourth time we've worked with Cure53 to release a public audit. With several years of working experience together, they're able to assess TunnelBear's security quickly, resulting in more time to find and fix any issues that might appear.

Granting Cure53 "white-box" access to TunnelBear means clear visibility into how TunnelBear works, what technologies we use, and what we've done to harden security.

Given its breadth, the absence of highly-rated issues is a great achievement.

2020 Results

We're happy to announce that after 40 days of testing, Cure53 found two low, two medium and one high-risk vulnerability. This year's report is the best report we've seen so far because even the vulnerability marked as high was easily fixed. A key highlight of the report states, "Given its breadth, the absence of highly-rated issues is a great achievement. As such, this project's results also underscore the benefits of continuous engagement with external security examinations as the working mechanism towards reducing flaws."

You can read the full report on Cure53's website. (Link goes to a pdf hosted on Cure53.de)

Another year, another audit

We want to thank all the hard-working Bears that contributed to last year's audit and Cure53 for their attention to detail and honest reporting. We've always enjoyed working together to make TunnelBear a better app for people who depend on a secure connection to access the internet every day.

See you next year!
the TunnelBear Team