Skip to content

Responsible disclosure policy

In the unlikely event that security issues are found within OneWelcome Access, the responsible disclosure policy allows individuals to easily communicate their findings to OneWelcome. This allows us to further strengthen the security of our products with minimal overhead.

Configuration

In order to enable communication of OneWelcome's responsible disclosure policy, you must first enable it on the Features tab.

When enabled, OneWelcome's responsible disclosure policy for security issues will be made available on /oauth/.well-known/security.txt endpoint.

We strongly recommend enabling this feature if you want security issues to be directly communicated with OneWelcome.