
kdbg | 3 years ago

Funnily, both ExpressVPN and NordVPN, which you call out, have been externally audited.

NordVPN had the clients audited by VerSprite last year, and their No-log policy audited by PwC in 2018 and 2020. And a bug bounty program on HackerOne. [1]

ExpressVPN - Windows Client was just audited by F-Secure in March, and server side audits by Cure53, and PwC in 2021 and 2019 respectively. And a bug bounty program on Bugcrowd. [2]

---

For comparison

Mullvad has been audited (Client security and Infrastructure (for privacy)) by Cure53 through 2020, and first was in 2018. Has no bug bounty, but they do still have a vulnerability disclosure program. [3]

ProtonVPN, audits of the no-log policy in April, and clients in 2020. And they run their own bug bounty program. [4]

---

I actually find it kinda interesting that while they've all had audits regarding privacy on the server side, only ExpressVPN has had a security audit of server side components. (Granted I've not looked that deeply at this)

[1] Annoyingly, you can only download the audit reports if you log in, then click Reports in the menu

[2] https://www.expressvpn.com/blog/?s=audit

[3] https://mullvad.net/en/blog/tag/audits/

[4] https://protonvpn.com/blog/?s=audit
