Between April 17, 2023, and August 13, 2023, Radically Open Security conducted a comprehensive code audit for the Tor Project, including reporting and optional retesting.
The code audit focused on several components of the Tor ecosystem:
The primary objective was to assess software changes made to improve the Tor network's speed and reliability and a number of recommendations were made such as:
Additionally, fixing issues related to denial-of-service vulnerabilities, local attacks, insecure permissions, and insufficient input validation was deemed imperative.
We would like to thank Radically Open Security for performing the audit and the U.S. State Department Bureau of Democracy, Human Rights, and Labor (DRL) for sponsoring this project and 'Making the Tor network faster & more reliable for users in Internet-repressive places’.