Has the code been reviewed?
Here is an overview of the recent reviews of key passbolt components and libraries.
- Passbolt Web Extension: reviewed several times by Mozilla Add-on reviewers in the course of 2017 as part of the original AMO extension approval process, leading to several improvements in versions 1.6.3, 1.6.4 and 1.6.5.
- Passbolt API: the v2.0.0-RC branch was reviewed by CakeDC in December 2018. You can learn more about the findings here.
- OpenPGP.js: the code base has undergone two complete security audits by Cure53. Reports can be found here.
- CakePHP: reviewed by NCC Group. You can browse the full report here.
Additionally, three security vulnerabilities were reported by independent security researchers in the course of 2017.
Code review work is never done. Feel free to contact us at [email protected] if you want to contribute.