Security Audits

GlobaLeaks is periodically subject to independent security audits in order to verify and improve the security of the system.

We try to get it audited at least every 2 years thanks to funding opportinities. Each user and adopter as well sometimes is able to fund additional audits.

This page lists the currently publicly available reports.

If you have carried or have the possibility to sponsor a security audit please email us at info@globaleaks.org. This would be particularly important for the general software security. When asking a company to audit the software please always remember to ask for the possibility to ask for the possibility to publish the report before this is performed; many auditors in fact may dont agree with publishing afterwards and this happened many times with waste of project resources.

We additionally invite independent security researchers to apply to our Bug Bounty initiative, which it’s hosted on HackerOne.

Date

Auditor

Goal

Report

2013

iSecPartners

Architecture Audit

Report

2013

Cure53

Web Security Audit

Report

2014

LeastAuthority

Source Code Audit

Report

2018

SubGraph

Overall Audit

Report

2019

RadicallyOpenSecurity

Crypto Audit, Multi-tenancy Audit, Overall Audit

Report

2022

RadicallyOpenSecurity

Server Source Code Audit, Client Pentest, OpSec for Whistleblowers, OpSec for Server Administrators

Report