We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

ExpressVPN’s Lightway Passes Second Independent Audit

ExpressVPN’s Lightway Passes Second Independent Audit
Author Image Zane Kennedy
Zane Kennedy Published on 13th March 2023 Former Cybersecurity Researcher

ExpressVPN has once again demonstrated its commitment to transparency and user privacy by passing yet another independent audit. The VPN service provider's latest assessment by Cure53 reveals that its in-house VPN protocol, Lightway, is secure and free from high-impact security issues.

ExpressVPN invited Cure53 to conduct a comprehensive audit of Lightway's source code and perform a penetration test during October and November 2022. This marks the second time that Lightway has undergone an external assessment by the cybersecurity firm – the first of which was conducted in 2021.

Cure53's report confirmed that Lightway has a "very good state of security". It identified five low-severity and four informational issues, all of which were immediately remedied by ExpressVPN.

The report further determined that by "drawing on the combination of factors, namely the comprehensive coverage, low number of findings, and an absence of high-impact problems, it can be concluded that this Cure53 assessment of the ExpressVPN Lightway components concludes with a positive result."

ExpressVPN has completed and published twelve third-party audits in the past year alone in an attempt to become the VPN industry's most transparent provider. This achievement underscores the company's ongoing commitment to security, user privacy, and accountability.

Adding to this, the decision was made to make Lightway open-source back in 2021, further improving transparency. The move allowed users, researchers, and developers to scrutinize the code, identify vulnerabilities, and contribute to development.

ExpressVPN's vice-president, Harold Li, spoke of why the decision was made to create Lightway, stating "Speed, performance, privacy, security, reliability — no one protocol had them all. That’s why we invested resources to build Lightway from the ground up for modern VPN needs.”

Many more independent audits of ExpressVPN are expected to be planned in the near future, in an effort to further prove its commitment to security and transparency.

About the Author

Zane was a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provided readers with accurate and trustworthy news stories and articles. He aimed to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address