It's been well over 5 years since we conducted our first independent security audit for TunnelBear, back in 2016. The world has experienced a lot of hardship over these last few years: internet shutdowns, infringements on fundamental rights, unprovoked acts of war, a global pandemic, and so much more.

But there has been lots of good in the world too: Pet adoption from shelters has increased by over 200% globally, worker's rights and reform is on the rise, and folks from around the world have joined together in support of BLM. Even in the wake of these unprecedented times, there are still many things to celebrate and work towards.

While the world has posed some challenges for the Bear Cave in the past year, we're happy to finally share the results from our 2021 security audit.

TunnelBear's preparation, documentation, and general support throughout the testing phase was comprehensive, with no stone left unturned.

2021 Testing

As with previous years, we've continued to use Cure53 to conduct our security audits. 2021's testing began in November. A total of 9 testers and 47 days were spent by the Cure53 team as they combed through every inch of our TunnelBear applications, SDKs, and VPN infrastructure.

2021 Results

Through their testing, Cure53 found four low, nine medium, three high, and three critical-risk vulnerabilities.

While these results were higher than previous years, the increased scope of our audits allowed Cure53 to cover more ground in testing our systems than ever before. With the reporting of these issues by Cure53, all medium, high, and critical vulnerabilities were quickly resolved by the TunnelBear team. Upon assessment and prioritization, low-risk vulnerabilities were also addressed.

You can read the full report by Cure53 here.

To Transparency, and Beyond

One key takeaway from 2021's audit is the ever growing importance to continue to conduct annual security audits for VPN services. This is something that TunnelBear is committed to continue doing.

We want to thank every Bear that contributed to last year's audit and Cure53 for their efforts and honest reporting. We're excited to continue improving the security and privacy of TunnelBear.

the TunnelBear Team