ExpressVPN unveils final Lightwave version, opens source code to the public, issues new third-party security audit
ExpressVPN announced the launch of the final version of its in-house VPN protocol Lightwave. The company is also introducing two new trust and transparency initiatives for Lightway: an independent security audit conducted by Cure53, as well as making Lightway code available open source.
Lightwave is a protocol designed to provide a faster, safer and more reliable VPN experience while consuming less battery. Its minimal code base greatly simplifies auditing and maintenance. Lightwave also supports Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), allowing it to operate reliably on many different types of networks.
In its last year of beta testing, ExpressVPN has found that compared to the older protocol, Lightwave offers an average of 1:
• 2.5x Faster Connection: Lightway connects to the VPN in under a second the vast majority of the time.
• 40% improvement in reliability: Users experience less connection drop, especially on mobile.
• 2X Traffic Speed: Speeds up Lightwave VPN so users can surf online without any interruption.
Users can now enjoy the benefits of Lightwave across all Android, iOS, Windows, Mac, Linux and router platforms and devices.
Cure53 tests the Lightway
ExpressVPN has invited cybersecurity company Cure53 to conduct a penetration test, as well as a source code audit of Lightwave, prior to its full deployment. The first tests were conducted in March 2021, then repeated in June 2021 to confirm that all problems identified had been fixed.
Cure53 found 14 safety-related findings, but none were classified as “critical”. The ExpressVPN engineering team responded quickly to the issues raised, and was able to verify this as part of the Cure53 audit.
“Lightway Core’s study code base follows consistent coding plans, and is rated as high quality by testers,” Cure53 said. “The results of this evaluation are generally positive. The perimeter of the ExpressVPN Lightwave protocol evaluated in this project gives an impression of robustness despite the issues raised. Nevertheless it is important to note that the improvements to be implemented are it’s easy, “.
ExpressVPN has been audited twice by PwC (PricewaterhouseCoopers) in the past: the first audit in 2019 to verify that the servers were in compliance with their privacy policies, and the second in 2020 to confirm that its build verification system was unintentional. Reduces the risk of distribution. Malware for clients. ExpressVPN also released the results of Cure53’s security audit on its open-source browser extension in 2019.
Increase Lightway’s Trust, Transparency and Security Through Open-Source
ExpressVPN releases the source code of Lightwave Core under an open-source license (GNU General Public License, version 2). This means that anyone can use the same ratings as Cure53 and Lightwave, even if they are not an ExpressVPN customer.
Open-source code enables the global technical community to test and inspect code, identify potential vulnerabilities, and improve overall security. Open-source allows anyone to assess for themselves whether the claims we make about Lightwave and its architecture are true.
ExpressVPN previously released its browser extensions and testing tools. The company has also implemented reward programs since 2016 to reward security researchers who help it improve the security of its products.