News

Privacy-loving security testers are heroes

If you have the skills, please, please, please test or audit GoodCrypto. Publish your work. We are eager to have as many people as are willing. Try the software or review our code. Tell us what doesn't work quite right. Help us identify bugs so we can fix them.

Paid audits are too easily influenced by whoever pays. Instead, we're happy to give you more credit than the developers. Or stay as anonymous as you want. Full disclosure: We did pay for our first audit, but the auditor was almost a volunteer, and was free to audit what and how he wanted.

The "Don't trust too much" (DTTM) principle means different people need to check the same things. We're all human. Humans miss things and make mistakes.

Sure, a black hat might hide malware. We won't, but there's no good way to prove that. Most backdoors appear to be ordinary security holes. Audits work very well against those. And there are ways to catch even advanced malware.

Want to help? Just use the software and report. Or here are some topics to audit:

  • Threat model
  • Design
  • Transparency
  • Pen tests
  • Test suite
  • Code

And some possible attacks:

  • Trust model
  • Code bugs
  • Crypto protocols and algorithms
  • UI
  • MITM, e.g. phishing
  • Social engineering
  • Backdoors
  • Side channels
  • Exception handling

If you help protect others' privacy in any way, thank you!