Security: scutum-defense/scutum-python-sdk

SECURITY.md

Security Policy

Scope

This organization is used for security-sensitive infrastructure and mission software development.

Reporting

Do not open public-style issues for security findings.

Report security issues internally to:

  • Scutum security leadership
  • platform security owners
  • designated org administrators

Rules

  • do not commit secrets, keys, certificates, or credentials
  • do not place customer-sensitive, export-controlled, or classified material in general engineering repositories unless explicitly approved
  • do not bypass review controls for infrastructure or security-sensitive changes
  • all suspected compromise or accidental secret exposure must be escalated immediately

Initial response expectations

Every reported issue should be triaged for:

  • affected repo
  • affected environment
  • severity
  • exploitability
  • immediate mitigation
  • owner

There aren’t any published security advisories