I've looked without success for external audit reports of either Tailscale and Netbird, like Mullvad gets. While I don't approve of the sort of auditor box-ticking we get at work, it would be reassuring to see a report from a proper security consultancy.
Netbird has supposedly done a penetration test, but it is only supplied upon request [0]. I haven't bothered trying to get my hands on it since I don't use their product. I don't agree with gatekeeping the results instead of making them public.
NetBird should also consider publishing an SBOM, similar to what Defguard does.[1].
Oh, I hadn't found that. Yes, it seems strange not to publicize something like that to give users confidence (assuming the audit/pentest isn't damning). It doesn't have to have been perfect initially, as long as appropriate fixes were made.
