I’m thinking about the fact that Bitwarden should be audited again in the future. The reasons I believe that are:
- future change to encryption protocols or hashing (new flaws discovered, or obsolete ones);
- errors in code when implementing new features or correcting some issues (a lot of potential mistakes);
- changes in OS or browsers that are compatible with Bitwarden.

It may sound paranoid, but password managers should be a bit more paranoid than the vast majority of software, no? Maybe it could be done at a regular time or within a certain range of changes. I know that HackerOne is involved in Bitwarden, but I fear that it’s not as serious as a full audit done by a serious security company. When I look at HackerOne activity related to Bitwarden, it seems a bit light…
I guess it needs, at least, some thinking about it.