In November 2022, the Pango Group engaged the security firm Aon Cyber Solutions to perform a privacy-focused security assessment of the company’s Catapult Hydra source code and Partner VPN platform

 

“This audit made the security of our Partner VPN solution even stronger” explains Neill Feather, Pango’s President. “Following the auditor’s recommendations, we implemented several changes. We intend to regularly audit our Partner VPN solution in the future.”

 

The testing sought to assess and identify privacy risks, software vulnerabilities, and logging that could compromise the confidentiality, integrity, and availability of the company’s VPN systems.* All services were examined to locate inadvertent logging of sensitive information. This included gray-box security testing to gauge the threat of external attackers and application users gaining unauthorized access to the application and/or its data. During the test there were no critical severity findings identified. Lesser severity findings were reviewed using a risk-based approach and, if appropriate, remediated and re-tested.

 

The auditors used a combination of tools and manual techniques during the testing. Industry best practices were followed to test Pango’s various privacy controls and confirm Pango does not collect activity logs or connection logs.

 

* Pango is not responsible for the data practices of any of our clients that integrate Pango’s VPN solution into their services. Each client’s practices are subject to the client’s individual privacy policy and terms of service. Customers of Pango’s clients should review the client’s privacy policy and terms of service to understand how that client uses their customer’s information collected through the client’s services.