Oh, and here's the Open Technology Fund's comment: <a href="https://www.opentechfund.org/article/bringing-openness-security" rel="nofollow">https://www.opentechfund.org/article/bringing-openness-secur...</a>
We at LeastAuthority have written a blog post about the Cryptocat audit from our perspective: <a href="https://leastauthority.com/blog/" rel="nofollow">https://leastauthority.com/blog/</a>