The project was in contact with TrueCrypt developers (someone who could sign messages using the release keys, and provide images of the build machine that is nearly impossible to reproduce).
They reviewed the bootloader which is one of the most complex parts and touched all the crypto and found no serious issues. That suggests that the rest of the mundane code is probably in pretty good shape.
Of course it is not a guarantee that things are perfect, but it suggests that the developers a) knew what they were doing b) had no issues with an external audit.
They reviewed the bootloader which is one of the most complex parts and touched all the crypto and found no serious issues. That suggests that the rest of the mundane code is probably in pretty good shape.
Of course it is not a guarantee that things are perfect, but it suggests that the developers a) knew what they were doing b) had no issues with an external audit.