Reporting security vulnerabilities is of great importance for us.

In the case of a security vulnerability report, we ask the reporter to send it directly to security@open-aspm.org

If you report security vulnerabilities, do not forget to tell us if and how you want to be acknowledged and if you already requested CVE(s). Otherwise, we will request the CVE(s) directly.

We firmly believe that, even though unfortunately it is often not regarded as common practice in our industry, being as transparent as possible about vulnerabilities, no matter how minor, is of crucial importance. At OpenASPM Project, we care about the security of our users and prefer to have a high number of published CVEs rather than sweeping some of them under the rug.