In a blog post today, VPN Service Tunnelbear posted the results of a 2016 independent security audit of their VPN to find vulnerabilities. Cure53, the cybersecurity company that was paid to perform the audit, managed to find "vulnerabilities in the Chrome extension" that they were not happy about, but they hope to improve their VPN and remain transparent about their software.
The blog post can be found here: https://www.tunnelbear.com/blog/tunnelbear_public_security_audit/
The results of the security audit can be found here: https://cure53.de/summary-report_tunnelbear.pdf
While disappointed in part of the results, I am most pleased to see a company that is willing to be transparent about its security and practices. I am most curious what LTT thinks of Tunnelbear maintaining honesty with the public.