Application Name:




Assessment Technique(s):

Static Binary Analysis

Assurance Level:

AL4 (High)


In its reviewed state, the OpenVPN v2.09 application met or exceeded the security score outlined in theVeracode risk adjusted verification methodology for an application at the assurance level specified above. Veracode’s risk adjusted verification methodology is based on respected industry standards includingMITRE’s Common Weakness Enumeration (CWE) for classification of software weaknesses and FIRST’s Common Vulnerability Scoring System (CVSS) for severity and ease of exploitability and NIST's definitions of assurance levels.


While every precaution has been taken in the preparation of this document, Veracode, Inc. assumes no responsibility for errors, omissions, or for damages resulting from the use of the information herein. Due to the nature of software security testing, the lack of discoverable flaws does not mean the software is 100% secure.