So far, the analyses of OpenBSD's crypto and IPSec code have not provided any indication that the system contains back doors for listening to encrypted VPN connections. The OpenBSD developers started the code audit to investigate allegations made by Gregory Perry, the former CTO of crypto company NetSec. In an email to OpenBSD founder Theo de Raadt, Perry had accused developer Jason Wright and others of having built back doors into the IPSec stack. De Raadt made the email public and presented Perry's allegations for discussion.
In another email, de Raadt now writes that, while he believes that NetSec was indeed contracted to write back doors for the FBI which were distributed as "donated" code, he doesn't think such code made it into OpenBSD. De Raadt's email also attempts to clarify the roles played by the accused developers, Jason Wright and Angelos Keromytis. Both developers did apparently work for NetSec, but de Raadt states that he does not know if they were aware that the company was working for the FBI.

However, the revision control system allows auditors to verify which developers were involved in developing which code segments. According to de Raadt, Wright was mainly involved in programming drivers and didn't have anything to do with the OpenBSD Crypto Framework (OCF), although he did apparently work on parts of the IPSec stack. In an email, Jason Wright himself has denied the accusations that he built back doors into the OpenBSD code. De Raadt, however, has criticized Wright for not clarifying the nature of his work at NetSec.

The link for this article located at H Security is no longer available.