Report suspected security issues in the ODTIS specification, Annex A OpenAPI contracts, or published site content to info@odtis.org.

Please do not open public GitHub issues for undisclosed vulnerabilities.

For VenID reference implementation code, use the same contact until core-impl publishes a dedicated security policy.