Skip to content

Security: OctopusDeploy/Issues

Security

SECURITY.md

Reporting security issues

We treat disclosure with care and respect as per the security disclosure policy on our website.

What do we consider a 'security issue'?

We consider security bugs to be those that impact the confidentiality, integrity or availability of our applications.

We use various sources such as CVSS metrics and the Bugcrowd Vulnerability Rating Taxonomy to qualify the severity of security issues. We will prioritize higher impact issues over lower impact issues.

Reporting a Vulnerability

If you have found a vulnerability, please do not file a public issue. Please follow the security disclosure policy on our website and send us your report privately via email to security@octopus.com and we'll triage the issue from there. When it is safe to do so, we will create a public issue to notify other consumers of this repository.

Is there a bounty if I find an issue?

We don't currently offer bounty rewards for finding security issues in this repository.

There aren’t any published security advisories