NordVPN Completes First Audit of its No-Logs Policy – So, Here Are the Results!
Last updated July 31, 2021
VerSprite was contracted by NordVPN to carry out a holistic risk assessment audit on the popular VPN product. According to the company’s report, they have found no critical vulnerabilities but only one high-severity flaw and a couple of medium to low importance bugs. These vulnerabilities have all been mitigated by now, so the product is now even more robust and reliable. NordVPN is happy with the results because the audit proves that their long-term efforts in security have yielded the desirable fruits.
VerSprite simulated real-world attack scenarios and threats by using a PASTA (Process for Attack Simulation and Threat Analysis) method, so it’s not that they were simply reviewing the code. Instead, the auditing team performed in-depth aggressive penetration testing designed within the context of a methodical seven-stage process. The main focus of the auditors was to breach confidential user data, identify high-impact vulnerabilities that would lead to IP leaks, and find a feasible path to privilege escalation. None of it worked, so NordVPN proved to be robust enough to withstand the attacks even before the latest fixes.
Daniel Markuson, a digital privacy expert at NordVPN has stated: “Independent audits are one of the necessary elements to maintaining high-security standards and ensuring that our users’ trust in us is well-founded.”
Of course, NordVPN regularly goes through audits conducted by independent service providers who are considered leaders in the field. After all these years of meticulous reviews on the product’s inner workings, it has reached the status of being a tough nut to crack. Not all of these audits focus on security, though, as proving that a VPN product doesn’t keep any user data logs in the first place is also of key importance.
In our 2021 review of the NordVPN product, we have given it an overall score of 9.2 out of 10, praising its customer support, ease of use, and configuration simplicity, as well as the plethora it offers in terms of servers. The only area where things remain a bit salty is the price, the limited availability of the split tunneling feature, and a few uncertainties that arise from its Panama-based jurisdiction. All in all, this is a world-class VPN product, and the latest audit underlines this fact.