If you have any security concerns regarding Security Onion or believe you have uncovered a vulnerability, please follow these steps:

  • send an email to
  • include a description of the issue and steps to reproduce
  • please use plain text format (no Word documents or PDF files)
  • please do not disclose publicly until we have had sufficient time to resolve the issue


This security address should be used only for undisclosed vulnerabilities. Dealing with fixed issues or general questions on how to use Security Onion should be handled via the normal Support channels.