The short answer... Yes!
XUMM has been audited. If you are interested in learning more, continue reading!
What does "audited" mean?
In this case, we are referring to a security audit by team of security engineers who's goal is to determine if any critical security issues exist and determine any possible design and implementation vulnerabilities in XUMM's code.
Why do an audit?
There are several reasons to do a security audit. They include:
- Identify security issues and system weaknesses.
- Establish a security baseline that future audits can be compared with.
- Comply with internal organization security policies.
- Comply with external regulatory requirements.
Who did the audit?
A world class security company called Cossack Labs.
If you are interested, you can learn more about Cossack Labs here: https://www.cossacklabs.com
What were the results?
The audit process is in-depth and multi-staged. While we are still waiting on their final report, we can reveal part of the Summary report:
As well, and perhaps more importantly, they found no directly exploitable vectors.
When can I view the final report?
As we mentioned, the audit process is multi-staged and quite thorough. When the final report is released we will be sure to post it here so you can review it.
We understand that you might have additional questions regarding this topic so you are welcome to contact us any time via the XUMM Support xApp in XUMM or you can simply scan this QR code with XUMM and be directed there automatically.