OSTIF is proud to announce that we have come to an agreement to fully fund an audit of VeraCrypt. Using funds that were donated by DuckDuckGo and VikingVPN, we plan to hire QuarksLab to go over the code and search for vulnerabilities and backdoors.
VeraCrypt is a crucial piece of open-source software that can encrypt any storage medium with powerful and highly tamper-resistant encryption that greatly enhances the personal security of anyone that uses it. An audit of the code brings fresh professional perspectives and a deep analysis of the code to search for vulnerabilities.
As of our agreement today, QuarksLab will be executing their auditing work in mid-August with completion and results before mid-September. The team has been instructed to give any results of this audit directly to the lead developer of VeraCrypt using heavily encrypted communications. This is to prevent their research from leaking zero-day vulnerabilities to the public, and so that the OSTIF does not have access to the results ahead of the public.
Once all parties are satisfied that any major vulnerabilities have been patched, we plan to post the results of this audit to all three of our websites (OSTIF.org, QuarksLab, and VeraCrypt) simultaneously.
This audit is very exciting for us, as it is the first time that we are converting promises and goals into results! We look forward to bringing the open-source community and the public closer together, and we are committed to fighting hard for the technical solution to the privacy problem.