We take the security of Bitwarden seriously. In addition to our open source codebase and public bug bounty program, we also understand the need for official security assessments and penetration testing from reputable third parties. In November, 2018, Bitwarden successfully completed a source code audit and cryptographic analysis by security firm Cure53.

In our commitment to a regular cadence of security audits on various aspects of the Bitwarden platform, we are pleased to announce that Bitwarden has completed a thorough security assessment and penetration test by auditing firm Insight Risk Consulting.

In the interest of providing full disclosure, below you will find the executive summary that was compiled from the team at Insight Risk Consulting along with an internal report containing a summary of each issue, impact analysis, and the actions taken/planned by Bitwarden regarding the identified issues. We are happy to report that no major issues were identified during this audit. One moderate issue has been patched in the latest Bitwarden server update.

We hope that this assessment reiterates our commitment to the security and integrity of the entire Bitwarden platform and helps further strengthen the trust that our users place in Bitwarden every day.

If you have any questions regarding this security audit feel free to contact us.