Opportunities Submission
Contribute to DefAgent's mission of securing critical infrastructure through code, research, and vulnerability reporting.
Where to plug in.
💻 Code Contributions
Follow the developer standards, sign your work, and map security changes to MITRE ATT&CK.
Patch Requirements
- ▸Follow our Developer Standards — coding, formatting, and review conventions.
- ▸Include signed Developer Certificate of Origin (DCO) — every commit must be DCO-signed.
- ▸Provide threat model — in OWASP Threat Dragon format.
- ▸Map to MITRE ATT&CK — every security change maps to a TTP-ID.
Patch Template
[DA-{ticket}] {type}({module}): {subject}
{body}
- Risk: [Critical/High/Medium/Low]
- ATT&CK: [TTP-ID]
- Tests:
✅ Unit (90%+ coverage)
✅ Hardware (TAK-X Test Bench)
✅ Adversarial (FGSM/PGD)
How patches are reviewed.
Initial review
Within 72 hours of submission, the security team triages and acknowledges the patch.
Critical fixes
24-hour SLA for Critical-risk patches; expedited path to merge and release.
Testing
Automated SAST/DAST plus manual review — unit, hardware (TAK-X Test Bench), and adversarial (FGSM/PGD).
🐞 Bug Bounty Program
Responsibly disclosed vulnerabilities in DefAgent software, hardware, and AI models are rewarded.

In-Scope
- ▸Remote Code Execution (RCE)
- ▸Authentication bypass
- ▸Data leakage in TAK-X OS
- ▸Hardware tampering
- ▸AI model poisoning

Out-of-Scope
- ▸Self-XSS
- ▸Theoretical issues without PoC
- ▸Third-party vulnerabilities
Bug Report Template
**Title**: [CWE-ID] Brief description **Affected Component**: [e.g., DefAgent App v2.1] **Severity**: [Critical/High/Medium/Low] **Steps to Reproduce**: 1. Step 1 2. Step 2 **Impact**: [What an attacker could achieve] **Suggested Fix**: [Optional] **ATT&CK Mapping**: [e.g., T1190]
Bounty ranges by severity.
Submission Form
Submit a patch or vulnerability report directly to the DefAgent security team. For sensitive reports, use PGP.
Need help?
For sensitive disclosures, email bounty@defagent.io (PGP key 0x1A2B3C4D) or reach the team via the contact page.
Ship with DefAgent.
Patches, research, and vulnerabilities all move the mission forward. Submit yours today.