Security: weijt606/owlscope

Security Policy

Supported Versions

Owlscope is currently in early-stage open-source release.

Version    Supported
0.1.x      Yes
< 0.1.0    No

Reporting a Vulnerability

If you discover a security issue, do not open a public issue first.

Please report privately with:

  • Affected component and version
  • Reproduction steps or proof of concept
  • Impact assessment
  • Suggested fix (if available)

Contact:

Response Timeline

  • Initial acknowledgement: within 72 hours
  • Triage and severity assessment: within 7 days
  • Fix and coordinated disclosure: based on severity and impact

Disclosure Guidelines

  • We follow coordinated disclosure.
  • Please avoid sharing exploit details publicly before a fix is available.
  • Credit will be given to reporters who follow responsible disclosure practices.

Security Best Practices for Self-Hosting

  • Use strong secrets and rotate keys regularly.
  • Run behind TLS and a reverse proxy.
  • Restrict network access to PostgreSQL/Redis/Qdrant.
  • Keep dependencies updated.
  • Monitor API and access logs for suspicious activity.
