RealVNC remote access software for businesses has been validated in a whitebox security audit by Cure53, finding VNC Connect Remote Access service as having a strong and stable security posture.
According to RealVNC, Berlin-based IT security consultancy Cure53’s whitebox security audit is more in-depth than blackbox penetration testing, which the vendor commissions every year.
“Auditors have access to all of the source code, binaries and API/protocol documentation,” according to RealVNC’s announcement.
“Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed, with the fixes confirmed by Cure53, while the other six were flagged as either false alerts or works-as-intended and evaluated as of lower risk.”
At the time of writing, RealVNC was the only remote connectivity provider of its type to undergo the whitebox testing so far, it claimed – pointing out that without such thorough testing, vendors could not be sure how secure their offering really is.
Cure53’s audit took 86 person-days and looked at VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, it said.
RealVNC has said its secure remote access and management software is used by hundreds of millions of people worldwide, helping organisations cut costs and improve the quality of supporting remote devices and applications via desktop, mobile and embedded platforms.
Cure53 offers classic black-box penetration tests as well as white-box tests and code audits, incorporating languages from PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to web back-ends written in C++ and Delphi.
RealVNC, which is aiming at increasing channel sales, and also recently released a RealVNC Server for Mobile, is presenting on organisational vulnerability due to poor remote-access security this week at Infosec World 2022 in the USA.