Due to the nature of the Open Defense Cloud products, the maintainers take security very seriously.
Open Defense Cloud uses GitHub to allow submission of private security reports. Please report any security finding via this link. Maintainers will triage your report as soon as possible and get in touch with you via your report if they have more questions.
As a security researcher, please report vulnerabilities to OpenDefenseCloud following coordinated vulnerability disclosure. In return, maintainers pledge to engage in good faith and collaborate with security researchers to address and publish vulnerabilities found in the quota-controller as soon as possible.
Please understand that the maintainers do not accept results of dependency scanners without proof that the detected CVE or vulnerability can be used against the quota-controller.
Advisories are managed through GitHub. Public disclosure of vulnerabilities happens through GitHub. Please visit Security Advisories to review security bulletins published by the maintainers.