Skip to content

Security: open-rpa/openflow

Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover any security issues, please let us know by one of the following methods:

  • GitHub Private Security Advisories
    Submit a private advisory on this repository.
  • Email
    Send an email to security@openiap.io.

We aim to acknowledge all valid reports within 48 hours.

Supported Versions

We actively provide security fixes for the two most recent major releases.
If you’re running an older version, please upgrade to continue receiving important updates.

Security Updates

  • GitHub Security Advisories
    Subscribe to be notified of any published advisories.
  • Dependabot & Automated Scans
    We use Dependabot and GitHub’s code-scanning tools to catch vulnerabilities early.
  • Third-Party Review & Penetration Testing
    We engage with independent auditors—hired by organizations using our platform—to perform annual code reviews and active penetration tests.

Disclosure & Bounty

  • Public disclosure is encouraged once a fix is available.
  • We do not currently run a paid bug-bounty program.

Thank you for helping us keep the project secure!

There aren’t any published security advisories