Code review for any potential vulnerabilities by a non-coder

Hi Team,

I come from a non-technical background with no clue about coding or programming languages. I want to know how I can ensure Bitwarden’s code doesn’t have any vulnerabilities before I subscribe to Bitwarden. It became scary after LastPass’ hack 10 days ago… I highly appreciate your help in this regard.

Thank you,
Venugopal

Hey @Venugopal125 and welcome to the community here,

We’ve definitely had an inpouring of new users to the platform. 🙂
Always happy to help. I know going to a new product is always something to consider carefully, especially for something as important as a password manager.

Some of the key things I appreciate about Bitwarden overall and what drove me to the product are:

  • Open-Source code
    This means there is no “black-box” of unknowables here, everything is out in the open on how the software is handled and if any vulnerabilities or issues would be found there are many competent people watching the code base.
    Though I understand many of us simply will not have the knowledge to make sense of this, let alone be able to determine what is secure and what could possibly be a flaw.

  • Participates in Bug Bounty programs via HackerOne
    This means that should anyone find a flaw, they can go through proper disclosure, either by opening an issue on the GitHub repo or by reporting via HackerOne. Bitwarden is open and accepting of tinkerers who poke and prod to find issues.
    They want to know about any issues and fix them as quickly as possible to maintain a good security product, unlike some companies who, if you inform them of a vulnerability, will subsequently send you a cease-and-desist letter from their attorneys.

  • Transparency
    Bitwarden provides a significant level of detail and documentation in their help and learning resources. Namely, the Bitwarden Security Whitepaper gives a deep dive on the security and technology used by Bitwarden to keep you secure.

  • Third Party Audits
    You don’t even need to take Bitwarden’s word for anything that is said in the Whitepaper. Bitwarden has undergone several consistent third-party audits from a few different auditors. These range from code audits and cryptographic assessments to network assessments, as well as any additional compliance requirements that come with GDPR, CCPA, Privacy Shield, HIPAA, SOC 2 & 3, etc.

  • Community
    Of course I couldn’t leave out the great community here as well.
    Bitwarden fosters an excellent community forum; between the users who volunteer their assistance, Bitwarden staff, and Bitwarden’s official support, many members have their issues resolved quickly, and it offers a wonderful forum for discussion and cultivation of the product as a whole.

There are many other good reasons to choose Bitwarden, too. While some features may have been lacking, Bitwarden overall has matured over its time as a fairly new product in the password management field (and one of the few open-source ones I am aware of), and has always prioritized security before nice-to-have features.
Overall, when it comes to usability, the product absolutely just works, and it gives me confidence to keep my information safe.
I hope this helps to answer any questions you may have and ease your mind.

4 Likes