[somepleb]

Netbird has supposedly done a penetration test, but it is only supplied upon request [0]. I haven't bothered trying to get my hands on it since I don't use their product. I don't agree with gatekeeping the results instead of making them public.

NetBird should also consider publishing an SBOM, similar to what Defguard does.[1].

[0] https://trust.netbird.io/

[1] https://defguard.net/sbom/

[gnufx]

Oh, I hadn't found that. Yes, it seems strange not to publicize something like that to give users confidence (assuming the audit/pentest isn't damning). It doesn't have to have been perfect initially, as long as appropriate fixes were made.