Covert is not at this stage meant for end users or production use. For this reason, all security flaws should be reported as public Github issues like any other bug, and no CVEs will be issued for them.

The policy is expected to change as 1.0 is released.