Audit Status
Where our security stands — honestly
We will not claim an independent audit we have not had. Here is exactly where VaultPass is today: internally reviewed, open to researchers, with a full external audit planned — scoped and ready, not yet scheduled.
Grey-box source review of the crypto core, all API routes, authentication/MFA, and the succession protocol, modelled on Cure53 methodology. No Critical or High findings. All Medium findings resolved before public launch.
Download the report (PDF) →Public invitation for independent researchers to find and responsibly disclose vulnerabilities. Valid findings earn Hall of Fame credit and CVE recognition.
Read the disclosure policy →Independent third-party cryptographic and application security audit by a specialist firm. Auditor not yet selected. The full report will be published here on completion — we will not summarize or redact it.
View the full security architecture →You don't have to trust any of this. The cryptographic primitives are browser-native and verifiable in your own console — run the proof yourself →