Security Lab

Conducting independent security audits of internet freedom technologies

The Security Lab is focused on ensuring the highest possible security standards for internet freedom projects. To this end, the Security Lab supports independent technology audits for all of OTF’s supported projects. Additionally, projects that are not receiving OTF support but are otherwise relevant to internet freedom may apply for an audit. Audit findings are made publicly available after undergoing a responsible disclosure period to correct bugs found in the audit. Auditors are also able to review state-sponsored software suspected of malicious intent for privacy and security.

Security Lab vendors are able to analyze a project at different phases of its development lifecycle. As such, we encourage applications from those looking for early-stage security assessments of their technical design, those looking for cryptographic design reviews, and those looking for code reviews. As of this writing, the Security Lab has supported more than 170 audits, resulting in the identification and patching of over 2,000 privacy and security vulnerabilities. Community members may also suggest a project for the Security Lab by reaching out to

To learn more about the Security Lab or apply for an audit, head to the Security Lab page.

Last updated