I love the fact that your backlog is very transparent, and that I can see a list of all tasks completed for a given release.

However, I was wondering how you handle tasks for compromising bugs? For instance, one could look in the backlog for a bug that states "If you send '123' to the master realm token endpoint at precisely 6:59am on a Tuesday, and you will be granted an admin token! Please Fix!", and use that information to gain access to the systems of those using Keycloak.

Thank you in advance.