OWASP Autonomous Penetration Testing Standard (APTS) is a documentation and governance standard. It contains no executable code, software dependencies, or running services. There is no attack surface in the traditional sense.

If you find an issue with the standard's content (incorrect security guidance, misleading requirements, broken cross-references, or documentation of insecure patterns), please open a GitHub Issue.

For issues you believe are sensitive and should not be disclosed publicly (for example, guidance that could lead to harm if followed), email the project lead at jinson@owasp.org or use GitHub Security Advisories.

For general OWASP security concerns, contact security@owasp.org.