by xxkylexx 2774 days ago
@Aquakor I am the lead developer of Bitwarden and was intimately involved in the security audit mentioned. I can understand that those two paragraphs may seem a bit concerning out of context. To provide more context, there were several points discussed between the Bitwarden developers and the auditing team about how we could redesign specific features (ex. organization user confirmations) so that the crypto implementations would be stronger and more resilient against certain attack vectors. A consensus was reached and that is what is being referenced here about re-designing things.

The purpose of an audit like this is to find issues. When issues are found, that is a good thing. We want to find problems so that they can be fixed. What would be bad is if we found issues that could not be properly fixed, or an abnormally large number of issues, neither of which was the case with Bitwarden. What I can tell you is that all issues referenced in this audit have already been resolved in very short order (the audit was only completed just last week), with relatively simple fixes, and that Bitwarden is even safer to use today than it was before.