Security Reporting

Security vulnerabilities are considered bugs. After all, they are. As such, security vulnerabilities are subject to the same screening as bugs, most important part of which being detailed reproduction steps. Just reference a vulnerability registry such as CVE is not enough unless the vulnerability is registered directly against NotifyBC and contains detailed reproduction steps.

To report a vulnerability privately, use Github security advisory.