Concern about code quality is legitimate, and vulns discovered is one metric for that, but I worry that hopping to the unreviewed (and therefore lacking vuln disclosures) app is even worse. But I don't use LastPass.
Other managers have been reviewed, and found better success than LastPass. I (finally) signed up for a password manager a little while ago, and after some evaluation chose 1Password.
A big part of that decision was that they have been reviewed/audited and there were a couple vulnerabilities found, but they were all minor, which indicates to me the system is pretty secure. The nature of the bugs was also comforting in that they seemed like small oversights, compared to a lot of the LastPass bugs which seem like "holy shit how did you let this happen".