Business Wire

RealVNC Becomes First and Only Remote Access Solution to Complete White Box Audit to Validate Security


VNC Connect by RealVNC, the remote access service used by hundreds of millions of people worldwide, was audited by Cure53, the Berlin, Germany-based IT security consultancy who have also audited other industry leading software such as Mozilla VPN, 1Password and Bitwarden. The comprehensive audit, which took 86 person days and included VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, found 38 security-relevant discoveries, none of which were critical and only three were deemed high severity, and these were fixed immediately. The report states, in conclusion, that RealVNC places a strong focus on the security posture of all its components.

“As the technologists responsible for bringing remote access to the mass market, we are today setting new standards and expectations for security in the face of the challenges of the modern IT environment. IT buyers of remote access technologies should expect no less than independent and comprehensive third-party validation of vendor claims. This is especially true for remote access software where the stakes are high, and a mistake could be reputationally damaging or even existential. With Cure53’s report, buyers can be confident that choosing RealVNC as their remote access vendor will never be a regret,” said Adam Greenwood-Byrne, CEO of RealVNC.

A white box security audit is significantly more in-depth than the more common black box penetration test (which RealVNC also commissions by an external organization annually), as the auditors have access to all of the source code, binaries and API/protocol documentation. Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed — with the fixes confirmed by Cure53 — while the other six were flagged as either false-alerts or works-as-intended and evaluated to be of lower risk.

“At RealVNC, we operate from the standpoint that no company should ever take a vendor’s word for it when they claim their software is secure, which is why we chose to complete a white box audit with a highly regarded security consultancy to prove it,” said Andrew Woodhouse, CIO of RealVNC.

The Cure53 team is highly motivated to find issues when completing white box penetration tests. The fact that no critical threats were found reinforces RealVNC’s focus on ensuring its customers remain safe from threats when using VNC Connect.

“Cure53 is happy to state that test preparation, test execution and also the fix verification, which is one of the most important parts of such an audit, went smoothly and professionally. It is clear that RealVNC has demonstrated a genuine interest in ensuring VNC Connect's security and is prepared and committed to maintaining the high standards we have observed,” said Dr.-Ing. Mario Heiderich, Founder of Cure53.

Headquartered in Cambridge, RealVNC's products for desktop, mobile and embedded platforms make it easy for users to access and operate devices remotely while enabling remote users to work with technicians to resolve problems easily.

“We’re not shying away from any of the issues the report found. We actively fixed issues as they came up and, as security is an ever changing landscape, we’ll continue to ensure the security of VNC Connect in future iterations of the service,” said Ben May, Head of Cyber Security at RealVNC.

To review Cure53's summary of the audit, click here, and to learn more about why RealVNC chose to conduct a Cure53 audit, click here.


RealVNC’s secure remote access and management software is used by hundreds of millions of people worldwide. Their software helps organizations cut costs and improve the quality of supporting remote devices and applications, as well as enabling remote working. RealVNC is the original, UK-based, inventor of VNC remote access software and they support an unrivaled mix of desktop, mobile and embedded platforms.


Cure53 offers classic black-box penetration tests (zero-knowledge) as well as white-box tests and code audits. Web application and mobile app developers speak many languages and so do we. From classic languages such as PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to more exotic candidates like web back-ends written in C++ and Delphi – we've seen them.

Since Cure53 was founded in 2007, we have performed hundreds of penetration tests against all kinds of web applications, online services, hardware interfaces, mobile applications, libraries and crypto tools. We value manual and thorough tests, human interaction and communication and a short yet-to-the-point penetration test report without overhead or pie charts no one wants to see.

To view this piece of content from, please give your consent at the top of this page.

Contact information

Lauren Meckstroth

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Western Union Highlights ESG Progress and Recognitions Received29.6.2022 15:00:00 EEST | Press release

The Western Union Company (NYSE: WU) today released its 2021 Environmental, Social and Governance (ESG) Report, spotlighting the Company’s ongoing commitment to advancing its strategy and actions aligned with key ESG priorities. This press release features multimedia. View the full release here: Western Union's 2021 ESG report spotlights the Company’s ongoing commitment to advancing its strategy and actions aligned with key ESG priorities.(Photo: Business Wire) “People are drawn to work for and do business with companies that make an impact,” said Devin McGranahan, Chief Executive Officer. “This year’s report shows that Western Union continues to make solid progress on our ESG journey, which in turn enables us to effect even more positive change in the communities we serve. I’m proud to work with colleagues who bring their best every day to improve the lives of our customers and communities around the world.” 2021 ESG Highlights

Pyramid Analytics Wins 2022 Ventana Research Digital Innovation Award in Analytics Category29.6.2022 15:00:00 EEST | Press release

Pyramid Analytics (Pyramid), a pioneering decision intelligence platform provider, today announced that the company won a 2022 Ventana Research Digital Innovation Award. The company’s Pyramid Decision Intelligence Platform was selected over finalists Qlik Active Intelligence and H2O AI Cloud in the Analytics category of the 15th edition of the respected analyst firm’s awards program. The award is given to the technology vendor that best exemplifies innovation in any use or application of analytics across business and/or IT. The Business Intelligence and Analytics segment of the global software market is highly competitive. There are an estimated 120 vendors in the space. This press release features multimedia. View the full release here: Pyramid Analytics, a pioneering decision intelligence platform provider, won a 2022 Ventana Research Digital Innovation Award. The Pyramid Decision Intelligence Platform was selected over finali

GPS Announces New Senior Leadership Changes29.6.2022 14:14:00 EEST | Press release

Global Processing Services (GPS), a leading global payment technology platform, has today announced the promotion of Joanne Dewar to Vice Chair. Kevin Schultz has also been appointed as Chief Executive Officer, effective immediately. Joanne will maintain her position on the GPS board, where she will focus on the group’s growth and global profile, and continue to work alongside Chair, Gene Lockhart, in a newly created Office of the Chair. Joanne had been CEO at GPS for over four years and was instrumental in scaling the company and securing investment from arguably the most impressive consortium in the payments industry. Kevin brings a wealth of executive leadership experience in the payments and digital banking industry to his new role as CEO, where he will primarily focus on strategy and execution. Most recently, Kevin served as Fiserv’s Group President of the Digital Banking. Prior to Fiserv, Kevin served as President, Global Financial Services at First Data, following nearly 16 year

Velodyne Lidar CMO Sally Frykman Wins Woman of the Year Award at Sensors Converge Conference29.6.2022 13:48:00 EEST | Press release

Velodyne Lidar, Inc. (Nasdaq: VLDR, VLDRW) today announced its Chief Marketing Officer (CMO) Sally Frykman won the 2022 Woman of the Year award from Sensors Converge and Fierce Electronics. The Best of Sensors Awards recognize the best and most innovative products, technologies, teams and people in the sensors industry. This press release features multimedia. View the full release here: Sally Frykman, Chief Marketing Officer (CMO) at Velodyne Lidar, won the 2022 Woman of the Year award from Sensors Converge and Fierce Electronics. (Graphic: Velodyne Lidar) The Sensors Converge conference, which is taking place now in San Jose, covers sensors and electronics technologies and applications that are driving industry innovation. The conference’s awards, selected by a panel of industry experts, were presented yesterday at an event honoring the best in sensor technologies and the sensor ecosystem, people and companies. “Sally is very d

NICE Publishes Final Appraisal Document Recommending the Use of Adtralza® (tralokinumab) for Adult Patients With Moderate-to-Severe Atopic Dermatitis29.6.2022 13:47:00 EEST | Press release

LEO Pharma A/S, a global leader in medical dermatology, today announced that the National Institute for Health and Care Excellence (NICE) has issued a positive Final Appraisal Document (FAD) which recommends Adtralza® (tralokinumab) for use within NHS England and Wales. NICE recommends Adtralza for the treatment of moderate-to-severe atopic dermatitis (AD) in adult patients who are candidates for systemic therapy and have not responded to at least one systemic immunosuppressant, or these are not suitable.1 The NICE recommendation makes Adtralza the first and only recommended biologic for use within NHS England and Wales that specifically targets the interleukin (IL)-13 cytokine, a driver of AD signs and symptoms.1,2,3 AD affects approximately 3.5% of adults across Europe.7 “We are thrilled that today’s decision from NICE will help pave the way for atopic dermatitis patients in England and Wales to have access to Adtralza, as we continue to work alongside UK authorities to ensure reimbu

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom