Reporting security vulnerabilities in Flowable

[assaf-levkovich-novee]

Hey Flowable team,

My name is Assaf, and I'm part of the Vulnerability Research team at Novee Security.

Novee is the AI penetration testing platform built to secure constantly changing environments against attackers operating at machine speed. Its purpose-trained AI reasons like a real attacker, uncovers novel attack paths continuously, and delivers precise, personalized fixes so teams can stay one step ahead of hackers. https://www.novee.security/

We would like to report various vulnerabilities we found in Flowbale, but can't find any relevant email address to send it to.

How should we proceed?

Thanks in advance!

[tijsrademakers]

Hi Assaf, thank you for reaching out. As we are an open source project, you can just let us know here in the github issue and we can have an open discussion about it.

[assaf-levkovich-novee]

hey @tijsrademakers, thanks for the prompt response!

just to clarify, we're talking about high severity issues, so we should refrain from disclosing issues considered as zero days in publicly available github issues.

I suggest we move to a more private channel.

what do you think?

[tijsrademakers]

Hi Assaf, just reach out with a private message on my linkedin https://www.linkedin.com/in/tijsrademakers