Security vulnerabilities should be disclosed to the project maintainers by email to security@cork.tech.
Yes. Any changes to the code will undergo external review. Any smart contract upgrade will be audited.
Yes! Cork will shortly announce an updated bug bounty program for Phoenix.
All audit reports are stored in the audits folder.