SecureDrop completes sixth security audit

- The Latest Issues
  Regular reporting on government secrecy, surveillance, and the rights of reporters and whistleblowers.
  - Key Issues
  - News Releases
- Technology
  Working open source software products to protect journalists, newsrooms, and their sources.
  - SecureDrop
  - Dangerzone
- U.S. Press Freedom Tracker
  A database of press freedom incidents in the United States.
  - Data visualizations
  - Explore the database
- Digital Security Education
  Digital security trainings and resources for journalists.
  - Request a Training
  - Guides & Resources
- About Us
  Protecting and defending press freedom when we need it the most.
- Our Team
  - Staff & Contributors
  - Board of Directors
- Transparency
  - Reports & Financials
  - Announcements
- Get in Touch
  - Jobs & Internships
  - Contact Us
Donate

SecureDrop has completed its sixth security audit, conducted by 7ASecurity and sponsored by the Open Technology Fund. The audit identified three vulnerabilities—one medium-severity and two low-severity—all of which were fixed in the SecureDrop 2.10.0 release. In their report, the auditors praised SecureDrop's robust defense against a broad range of attack vectors, noting that only a few issues were uncovered despite the large scope of the assessment.

This audit is part of SecureDrop's ongoing commitment to security testing and platform hardening. To learn more about the findings and our plans for future improvements, check out the full post on the SecureDrop blog.

Get Notified. Take Action