Bitwarden security audit renewal

Hi,

I’m thinking about the fact that Bitwarden should be audited again in the future. The reasons I believe that are :

  1. future change to encryption protocols or hashing (new flaws discovered, or obsolete ones);
  2. error in codes in implementing new features or correcting some issues (lot of potential mistakes)
  3. changes in OS or browsers that are compatible wit Bitwarden
  4. etc.

It may sound paranoiac, but, passwords managers should be be a bit more paranoiac than the vast majority of softwares, no? Maybe it could be done at a regular time or within a certain range of changes. I know that Hacker One is involved it Bitwarden, but, I fear that it’s not as serious as a full audit done by a serious security company. When I look to Hacker One activity related to Bitwarden, it seems a bit light…

I guess it needs, at least, some thinking about it.

I would hope that there’ll be regular pen testing carried out by a third party. Would be nice to get more details on this.

1 Like