Has Standard Notes completed a third-party security audit?

We've completed three (3) security audits to date by industry-leading security firms, which cover the entirety of our ecosystem. You can review the results below.

Client-side Protocol and Encryption Security Assessment

This audit covers the entirety of our shared client-side framework for encrypting and syncing data, and covers our usage of industry-leading algorithms like Argon2 and XChaCha20-Poly1305.

Conducted by Trail of Bits, New York.
View Report
Full Ecosystem Penetration Test

This extensive audit covered the entirety of our ecosystem, both client-side and server-side, with the aim of penetrating the code and executables to achieve unintended effects and discover latent vulnerabilities. We're happy to report that 100% of the issues found were promptly resolved.

Conducted by Cure53, Berlin.
View Report
Cryptography Design Review

This early audit helped ensure our initial client-side encryption and server-side communication systems were built correctly and strongly.

Conducted by Shackle Labs, United States.
View Report

Standard Notes

Has Standard Notes completed a third-party security audit?

Client-side Protocol and Encryption Security Assessment

Full Ecosystem Penetration Test

Cryptography Design Review

More from

Privacy & Longevity

General

Usage

Extended Account

Two-factor Authentication

Note History & Backups

Mobile

Extensions

Open-source

Listed

Resources

Community

Support

Spread the word