Publishing the unredacted SecureDrop 0.3.4 audit report
In July, we announced the release of SecureDrop 0.3.4 and published the accompanying security audit by iSEC Partners (now NCC Group). The audit found 10 issues, one of which – issue 7, Finding ID iSEC-15FTC-4 – was redacted. It was redacted because it was not an issue in SecureDrop itself, but in one of its dependencies. At the time, NCC Group and Freedom of the Press Foundation agreed that NCC Group should responsibly disclose the issue to the affected project's team, and that we would wait until the project team had had time to develop a fix before publicizing the issue.
SecureDrop undergoes second security audit
Today, we're publishing the second security audit of SecureDrop, our open-source whistleblower submission system. Since we took over managing the project in October, we have made so many upgrades to the code (based on the first security audit done by University of Washington researchers and Bruce Schneier) that we felt it was necessary to put it through another round of testing.
Freedom of the Press Foundation launches SecureDrop, an open-source submission platform for whistleblowers
Freedom of the Press Foundation has taken charge of the DeadDrop project, an open-source whistleblower submission system originally coded by the late transparency advocate Aaron Swartz. In the coming months, the Foundation will also provide on-site installation and technical support to news organizations that wish to run the system, which has been renamed “SecureDrop.”