Why We're Open Sourcing Bron
Project Analysis


March 4, 2026 · 2 min read · Bron Wallet X
Bron Wallet

A key principle in software security is to avoid “security through obscurity”: even if an attacker understands how a system is protected, they still shouldn’t be able to break it. It’s like a thief seeing that a vault has a lock: the protection comes from the secret combination (and the strength of the mechanism), not from hiding the fact that a lock exists.

In that spirit, security-sensitive companies are often encouraged to open source their software. Publishing code invites broader scrutiny, helps bugs surface and get fixed faster, and raises the bar for secure engineering across the ecosystem.

After extensive internal and external audits from industry experts (Trail of Bits), we are open sourcing the core of Bron Wallet. This will include technical cryptographic code (including the main MPC algorithms) that our team has been working on over the past year.

Open sourcing means publishing a program’s source code under a license (Apache 2.0) that allows others to read it, copy it, modify it, and redistribute it under stated terms. Crucially, it does not mean the software is “open for anyone to control”.

Most importantly, open sourcing does not weaken our security. Your keys remain protected on your wallet, and compromising a shard still requires physical access to the device and an attempt to tamper with the wallet itself. We are open sourcing the core of a reference wallet: your personal data and keys are not included. The benefit to you is that many more security researchers and developers (including via our bug bounty program) can review the core, report issues, and help us continuously harden the system you rely on.

We believe wallets should not ask users to trust opaque code. Open sourcing the core is the industry gold standard, and a concrete demonstration of Bron’s commitment to security and cryptographic rigor.

For more information, and links on how to get in touch with us, please visit: https://bugbounty.bron.org/

Check out our GitHub:
https://github.com/bronlabs/bron-crypto

Source: Bron Wallet X