Independent security audit

brianp · June 3, 2018, 11:28am

I’m new and trying out bitwarden for my business. I found the lack of an ouside audit mentioned in a couple of reviews online and discussed in this reddit thread but not listed here as a new feature request.

https://www.reddit.com/r/Bitwarden/comments/7xl9qg/full_formal_security_audit/

tobias.s · July 27, 2018, 12:11pm

Discussion about security audit on GitHub

github.com/bitwarden/server

Security audit

opened 09:41PM - 19 Jan 17 UTC

closed 04:09PM - 12 Nov 18 UTC

fredericmohr

help wanted

Not sure in which repository this belongs, probably in all of them. Bitwarden sh…ould get a security audit to find and squash any security issues that might hide somewhere. Obviously there is the problem of financing, so maybe this can be of help. Doesn't hurt to try it, right? https://blog.mozilla.org/blog/2016/06/09/help-make-open-source-secure/ https://docs.google.com/forms/d/e/1FAIpQLScLwANEOvLBE6gnFVoiamqHOYzzkaChpdQJ7f0PlZGmfyy94w/viewform https://wiki.mozilla.org/MOSS/Secure_Open_Source

tobias.s · August 17, 2018, 6:20pm

“We are scheduled with Cure53 for later this year to perform a complete audit of the backend server (core), web vault, desktop apps, browser extensions, and jslib (the library that powers most of our client apps).” https://github.com/bitwarden/core/issues/27#issuecomment-413937252

bobby_shaftoe · August 17, 2018, 8:30pm

This is great news. After the security audit, I would be willingly pay for a premium, even though free plan is satisfying for my use case.

Oliv_er · October 11, 2018, 7:25am

Any updates on this? Has it started?

kspearrin · November 12, 2018, 4:08pm

This has been completed. See here:
https://blog.bitwarden.com/bitwarden-completes-third-party-security-audit-c1cc81b6d33

Shackrock · January 5, 2019, 9:19pm

Yes, this should be closed as completed.