
Ozark Security Labs

Evidence before alarm bells. Open-source product-security tooling and review practices for teams that need proof they can inspect.

Security reports: A clear reporting route for public project vulnerabilities and coordinated disclosure.
Company ledger: Plain-language pages for company information, policies, and contact channels.
Open source first: Tools and documentation stay close to the repositories where security work happens.

Security work should leave tracks.

Ozark Security Labs builds and maintains security tooling with a bias toward durable evidence, reviewable assumptions, and open-source collaboration.


Designed for the gap between static checks and real product behavior.

Security teams are buried in findings that lack context. Ozark Security Labs tools start closer to the application: routes, handlers, policies, sessions, dependency declarations, workflow evidence, and invariants.

The goal is not another blinking console. The goal is a defensible trail: something an engineer can reproduce, a reviewer can challenge, and a maintainer can improve over time.

Each project stays narrow by design. Small tools, sharp edges, readable output. The ledger is the product: explicit assumptions, deterministic checks, and review notes that survive the meeting.

Tool ledger

Five focused repositories. Each one exists to make a specific kind of product-security evidence easier to produce and harder to hand-wave.

FLOW

SecFlow

An LLM harness for application security engineers and defenders who need workflow evidence instead of vibes.

DEPS

deterministic-deps

A GitHub Action that checks dependency declarations for pinned, deterministic inputs.

LOGIC

rulepath

Deterministic analysis of business-logic flaws and invariant enforcement paths.

AUTHZ

AuthMap

Authorization coverage mapping for routes, handlers, service calls, and data mutations.

SESSION

SessionScope

Session, cookie, JWT, and token lifecycle auditing for product-security review.


Reports and policies

Public pages route sensitive security work away from normal contact and keep policy language practical.

VULN

Vulnerability reports.

Report suspected vulnerabilities in Ozark Security Labs public projects privately with reproduction details and impact notes.

SECURITY

Security policy.

See the project-scope expectations, testing boundaries, and coordinated disclosure posture for public repositories.

PRIVACY

Privacy policy.

The baseline site avoids forms, accounts, and advertising profiles. Contact flows use direct email routes.


Follow the ledger.

Ozark Security Labs builds in the open. Watch the repositories, file non-sensitive issues with concrete evidence, or send private vulnerability reports through the dedicated security channel.