Security intake

Vulnerability reports

Use this route for suspected vulnerabilities in Ozark Security Labs public projects. Send sensitive details only to the security inbox.

Private first

Report route

Report privately, include evidence, and give maintainers time to respond before public disclosure.

Coordinated disclosure

Send reproducible evidence.

Email security@ozarksecuritylabs.com for suspected vulnerabilities in public Ozark Security Labs repositories. Please do not open a public issue for an unpatched vulnerability.

  • Include enough detail to reproduce: affected repository, commit or release, environment, expected behavior, actual behavior, proof of concept, and any logs or screenshots that help triage.
  • Keep testing bounded. Avoid destructive actions, persistence, data exfiltration, privacy violations, social engineering, or activity against third-party systems.
  • Expect a coordinated process. We will acknowledge reports, investigate impact, prepare fixes when needed, and coordinate disclosure timing.

Security policy

Security reporting and vulnerability disclosure belong in the same workflow: private intake, bounded testing, and coordinated remediation.

SCOPE

Public repositories.

All current Ozark Security Labs public repositories are in scope unless a repository publishes a narrower policy.

BOUNDARIES

Keep testing safe.

Avoid destructive testing, persistence, data exfiltration, social engineering, service disruption, and attacks against third-party systems.

DISCLOSURE

Coordinate timing.

We review reports, ask for clarification when needed, work toward a fix when impact is confirmed, and coordinate public disclosure timing.
