Skip to main content

Audit Status

Where our security stands — honestly

We will not claim an independent audit we have not had. Here is exactly where VaultPass is today: internally reviewed, open to researchers, with a full external audit planned — scoped and ready, not yet scheduled.

Internal Security Review
Complete · 2026-06-14

Grey-box source review of the crypto core, all API routes, authentication/MFA, and the succession protocol, modelled on Cure53 methodology. No Critical or High findings. All Medium findings resolved before public launch.

Download the report (PDF) →
Community Bug Bounty
Active now

Public invitation for independent researchers to find and responsibly disclose vulnerabilities. Valid findings earn Hall of Fame credit and CVE recognition.

Read the disclosure policy →
External Professional Audit
Planned · not yet scheduled

Independent third-party cryptographic and application security audit by a specialist firm. Auditor not yet selected. The full report will be published here on completion — we will not summarize or redact it.

View the full security architecture →

You don't have to trust any of this. The cryptographic primitives are browser-native and verifiable in your own console — run the proof yourself →