Proton releases source code for password manager Proton Pass following successful security audit

Proton announced yesterday via a blog post that the source code for Proton Pass, its end-to-end encrypted password manager, has been released and underwent a security audit in May and June by the German security firm Cure53.

The audit encompassed all Proton Pass mobile apps, browser extensions, and the API. Cure53 concluded that Proton's comprehensive security assessment illustrates their dedication to maintaining a high level of security. The firm found a moderate number of issues, with most security vulnerabilities being limited in severity, thus commending the overall state of security across Proton's applications and platforms.

The audit results affirm Proton's deep security DNA and validate the architectural decisions made with Proton Pass. It also highlighted password management-specific considerations to Proton.

Proton has addressed all of the issues reported in the security audit, with the exception of one medium severity issue. This issue, tied to a platform limitation in Android, cannot be resolved at this time.