wonderfully unique software solutions

RealVNC remote connectivity completes whitebox security audit

RealVNC remote access software for businesses has been validated in a whitebox security audit by Cure53, finding VNC Connect Remote Access service as having a strong and stable security posture.

According to RealVNC, Berlin-based IT security consultancy Cure53’s whitebox security audit is more in-depth than blackbox penetration testing, which the vendor commissions every year.

“Auditors have access to all of the source code, binaries and API/protocol documentation,” according to RealVNC’s announcement.

“Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed, with the fixes confirmed by Cure53, while the other six were flagged as either false alerts or works-as-intended and evaluated as of lower risk.”

At the time of writing, RealVNC was the only remote connectivity provider of its type to undergo the whitebox testing so far, it claimed – pointing out that without such thorough testing, vendors could not be sure how secure their offering really is.

Cure53’s audit took 86 person-days and looked at VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, it said.

RealVNC has said its secure remote access and management software is used by hundreds of millions of people worldwide, helping organisations cut costs and improve the quality of supporting remote devices and applications via desktop, mobile and embedded platforms.

Cure53 offers classic black-box penetration tests as well as white-box tests and code audits, incorporating languages from PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to web back-ends written in C++ and Delphi.

RealVNC, which is aiming at increasing channel sales, and also recently released a RealVNC Server for Mobile, is presenting on organisational vulnerability due to poor remote-access security this week at Infosec World 2022 in the USA.

( Photo by Christina @ wocintechchat.com on Unsplash )

Recent Articles

Responsibility shifts towards vendors with US National Cybersecurity Strategy

The US government has called for aggressive regulation as part of its National Cybersecurity Strategy for 2023, ITops company Automox has warned.

Four critical challenges for cybersecurity provision in 2023

Skill sets, AI, co-operation, and climate have become the critical challenges for cybersecurity provision this year, according to Europe-based IT/OT security software...

Snow adds certifications to partner programme to drive Atlas sales

Technology intelligence software platform Snow Atlas has achieved ISO 27001 certification and completed the Service Organisation Control (SOC) 2 Type 1 examination...

Arista says edge threat defences could have safeguarded Tallahassee health

Tallahassee Memorial Health might not have been disrupted in February, requiring systems downtime and patient inconvenience, had it deployed strong edge threat...

OpenText Cloud Editions aim for accelerated AI and digital transformations

Information software company OpenText has whipped the covers off its Cloud Editions (CE) 23.1, which it says will support AI adoption and...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox