[stusmall]

That's not a healthy assumption. Breaches can and will happen to anyone and we should assume they eventually will happen to everyone. What matters is how quickly you can detect the breach how limited the impact is. It's still too early to tell exactly whats happening here yet. That said, if this only impacted a development environment that contained no customer data then this is a good example of that principle.

[cge]

I assume it was meant as a bit of a joke with a point, because of the nature of the breach. Here, the concern is that the development environment was breached, and source code and confidential technical details were accessed. Bitwarden is fully open source, both for the client and server, and they also offer docker images to self-host the server. Unlike Lastpass, an attacker gains nothing by stealing the code that the general public doesn't already have. Bitwarden developers argue that this 'source code transparency' is important for such a security system.

However, it is at the same time fair to say that there are possible breaches for Bitwarden as well that would involve stealing information, despite being open source. Their website, the securing of the process by which their downloads and updates are produced and distributed, the way the hosting for their web vault is secured...