We are very grateful to those who have pointed out essential security problems with our offerings.
|Person||Organization||Security Issue(s) Raised|
|Peter Carson||Envision IT||need separate consent experiences for onboarding a tenant for read vs. onboarding a tenant for write|
need documented operational processes (important for SOC 1 and 2 compliance)
|Jennifer Johnson||Microsoft||need documented security architecture (important for any security conscious customer)|
|Aviad Carmel||Salt Labs||you must verify audience claims in OAuth tokens|