Responsible disclosure policy¶
In the unlikely event that security issues are found within Onegini Token Server, the responsible disclosure policy allows individuals to easily communicate their findings to Onegini. This allows us to further strengthen the security of our products with minimal overhead.
Configuration¶
In order to enable communication of Onegini's responsible disclosure policy, you must first enable it on the Features tab.
When enabled, Onegini's responsible disclosure policy for security issues will be made available on /oauth/.well-known/security.txt
endpoint.
We strongly recommend enabling this feature if you want security issues to be directly communicated with Onegini.