TrueCrypt audit finds "no evidence of backdoors" or malicious code
On Monday, after seven months of discussion and planning, the first-phase of a two-part audit of TrueCrypt was released.
The results? iSEC, the company contracted to review the bootloader and Windows kernel driver for any backdoor or related security issue, concluded (PDF) that TrueCrypt has: “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”
While the team did find some minor vulnerabilities in the code itself, iSEC labeled them as appearing to be “unintentional, introduced a the result of bugs rather than malice.” Since September 2013, a handful of cryptographers have been discussing new problems and alternatives to the popular security application. By February 2014, the Open Crypto Audit Project—a new organization based in North Carolina that seeks formal 501(c)3 non-profit status—raised around $80,000 towards this goal on various online fundraising sites.