| Version | Supported |
|---|---|
| 1.x | ✅ |
| 0.x | ❌ |
Any security vulnerabilities should be brought to the attention of the STIGQter team. Two options exist for reporting a security concern:
- File an issue on github requesting that someone reach out to you with an encryption key
- Reach out to squinky86 directly ([email protected])
An option for a private encryption key to continue security discussions will be provided within 72 hours.
Security issues receive the highest triage priority. Any security issues will be addressed, and a CVE will be requested for issues that rise to a moderate or higher level. In the event of disagreements on issue severity, the STIGQter team requests a 60-day triage period to resolve any issues before going through public disclosure.