Has anyone/any company (with a track record) externally audited the third-party FOSS bunqDesktop app? Anyone know?
I was wondering, since bunq doesn't seem to be interested in making their own (or acquiring/forking this app and making it official ;)) desktop app or a web version, if this app has not been audited: maybe bunq can make a donation towards having it externally audited? :) Such a thing for a relatively small application costs a few thousand dollars, which isn't insanely much considering the potential impact of a flaw...
I can understand if bunq wouldn't want to do that, but all the same: it'd be nice considering you're forced to use a third-party app if you want to have the convenience. :) (And bunq would just donate, it wouldn't have to acknowledge the investigation reports nor take any responsibility for it.) That it's open source is not directly relevant as open source isn't the holy grail of security.
I don't mean this with any disrespect to the creators/programmers of this application nor am I doubting their skills and attention to security detail. It's just that an experienced auditor looking it through can't hurt and would be very nice plus may make people more comfortable to use it and get more people interested in contributing code from the point it was audited and more people can monitor/check new changes. :)
Just a thought. :)