It's reasonable to want to see an audit report but bear in mind:
1. There aren't many audit firms qualified to do that audit, and only a subset of the people at most of the qualified firms are themselves qualified.
2. As a result, none of WireGuard's competition has been meaningfully audited --- all of them have been audited, but the projects are pretty much seen as a well that we can keep going back to for more bugs.
The only exception to that rule is probably OpenSSH, which despite the very complex code base has received pretty significant coverage --- not so much from formal audits (it's had some, but they're the same kind as I just described above) but from a decade of close scrutiny.
Against the desire for an audit, I'd also bank:
- The author is a Linux kernel vuln researcher
- The codebase is deliberately tiny
- The protocol was streamlined specifically to make it possible to implement as simply as it was
> 1. There aren't many audit firms qualified to do that audit, and only a subset of the people at most of the qualified firms are themselves qualified.
I know of one (and we're hosting the dude who wrote the Wireguard go implementation this summer (hey Mathias))
1. There aren't many audit firms qualified to do that audit, and only a subset of the people at most of the qualified firms are themselves qualified.
2. As a result, none of WireGuard's competition has been meaningfully audited --- all of them have been audited, but the projects are pretty much seen as a well that we can keep going back to for more bugs.
The only exception to that rule is probably OpenSSH, which despite the very complex code base has received pretty significant coverage --- not so much from formal audits (it's had some, but they're the same kind as I just described above) but from a decade of close scrutiny.
Against the desire for an audit, I'd also bank:
- The author is a Linux kernel vuln researcher
- The codebase is deliberately tiny
- The protocol was streamlined specifically to make it possible to implement as simply as it was