Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi Ory team,

We are planning to conduct penetration testing on our system in the fall and authentication &amp; secure sessions should be tested as part of that. I could not find any penetration testing policies on your website (except mention about bug bounty program). Do you have any public penetration testing policies? If not, who should I contact when we want to conduct some testing that might or might not affect Ory network?

Please see <https://www.ory.sh/docs/ecosystem/security>

Thank you :+1: So I just looked in wrong places