Dear colleagues,

Security is always high on our list of priorities for RPKI. Every year, we ask an external party to carry out a security audit of our RPKI systems. This is the first year that we are publishing the security report, in an effort to increase transparency and trust in the RPKI system. 

Please note that the report also listed several recommendations that should be included in a penetration test. These recommendations have been redacted from the original report, as we will include them in the penetration test scheduled for June 2021. Also, some comments about the proprietary software for the Hardware Security Module have been redacted. 

On https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/security-and-compliance you will now find the RFC compliance report written by Radically Open Security in 2020 and our response to their findings. 

We hope you will find these reports useful, and we look forward to your feedback.

Kind regards,
Nathalie Trenaman
Routing Security Programme Manager
RIPE NCC