somepleb | 29 days ago

NetBird has supposedly done a penetration test, but it is only supplied upon request [0]. I haven't bothered trying to get my hands on it since I don't use their product. I don't agree with gatekeeping the results instead of making them public.

NetBird should also consider publishing an SBOM, similar to what Defguard does [1].

[0] https://trust.netbird.io/

[1] https://defguard.net/sbom/

gnufx | 29 days ago

Oh, I hadn't found that. Yes, it seems strange not to publicize something like that to give users confidence (assuming the audit/pentest isn't damning). It doesn't have to have been perfect initially, as long as appropriate fixes were made.