We treat disclosure with care and respect as per the security disclosure policy on our website.
We consider security bugs to be those that impact the confidentiality, integrity or availability of our applications.
We use various sources such as CVSS metrics and the Bugcrowd Vulnerability Rating Taxonomy to qualify the severity of security issues. We will prioritize higher-impact issues over lower-impact issues.
If you have found a vulnerability, please do not file a public issue. Please follow the security disclosure policy on our website and send us your report privately via email to security@octopus.com and we'll triage the issue from there. When it is safe to do so, we will create a public issue to notify other consumers of this repository.
We don't currently offer bounty rewards for finding security issues in this repository.