LF Energy has released the results of an independent security audit of EVerest, its open source firmware stack for electric vehicle (EV) charging stations, marking an important milestone for security transparency in the global EV charging ecosystem.

The audit was conducted by Quarkslab and coordinated by the Open Source Technology Improvement Fund (OSTIF). The full technical report has been made publicly available, reinforcing the growing role of open source governance in critical energy and mobility infrastructure.

Proactive Security for Rapidly Scaling Infrastructure

According to LF Energy, the audit was initiated proactively rather than in response to known security incidents. EVerest's rapid adoption across hundreds of thousands of charging points worldwide made it an ideal candidate for an early, comprehensive review of real-world security posture.

EVerest functions at the intersection of electric vehicles, power grids, cloud platforms, and on-site energy systems, making software security a foundational requirement as EV infrastructure scales globally.

Scope and Methodology

The 42-day assessment focused on EVerest's publicly available codebase and its implementation of critical protocols commonly used in EV charging environments, including OCPP and ISO 15118.

The audit process included:

  • Static and manual code review
  • Dynamic analysis and runtime inspection
  • Protocol-level threat modeling and evaluation

Quarkslab worked closely with the EVerest maintainer community to develop a customized threat model, ensuring that the assessment prioritized realistic attack surfaces and deployment scenarios.

Key Findings

The audit identified 14 security-relevant findings across varying severity levels:

  • 6 high-severity
  • 6 medium-severity
  • 5 low-severity
  • 3 informational observations

Importantly, the auditors highlighted EVerest's modular architecture and strong isolation principles as meaningful strengths. These design choices help limit the potential blast radius of vulnerabilities and contribute positively to system resilience.

LF Energy confirmed that all identified issues have already been addressed by the EVerest community following the audit.

Open Source, Security, and Trust

By publicly releasing the audit findings, LF Energy and the EVerest community underscore a broader trend in climate and mobility technology: open source infrastructure paired with professional security review and transparent remediation.

This collaboration brought together:

  • Open source maintainers and contributors
  • Independent cybersecurity specialists
  • OSTIF as a neutral coordinator
  • Foundation-level investment in long-term project health

Such models are increasingly relevant as software becomes a core dependency in energy transition infrastructure.

Accessing the Full Report

The complete technical audit report, including threat modeling details and remediation guidance, is publicly accessible via OSTIF. Additional resources are also available for developers, operators, and organizations interested in contributing to or deploying EVerest.

As EV charging networks continue to expand globally, initiatives like this audit highlight how proactive security and transparent governance can strengthen confidence in the digital foundations of climate-critical infrastructure.
