[keycloak-user] Management of compromising bug tickets

Hey all, I love the fact that your backlog is very transparent, and that I can see a list of all tasks completed for a given release. However, I was wondering how you handle tasks for compromising bugs? For instance, one could look in the backlog for a bug that states "If you send '123' to the master realm token endpoint at precisely 6:59am on a Tuesday, and you will be granted an admin token! Please Fix!", and use that information to gain access to the systems of those using Keycloak. Thank you in advance.