Any security vulnerabilities should be brought to the attention of the STIGQter team. Two options exist for reporting a security concern:

1. File an issue on github requesting that someone reach out to you with an encryption key
2. Reach out to squinky86 directly (jwh0011@auburn.edu)

An option for a private encryption key to continue security discussions will be provided within 72 hours.

Security issues receive the highest triage priority. Any security issues will be addressed, and a CVE will be requested for issues that rise to a moderate or higher level. In the event of disagreements on issue severity, the STIGQter team requests a 60-day triage period to resolve any issues before going through public disclosure.