Hello! I’m an independent cybersecurity researcher and analyst, and I believe that I have found something that, for those of us who use a web application firewall (WAF) and or edge proxy on our Mattermost installs (such as Cloudflare, Cloudfront, etc) to provide additional security and hide the origin IP address of the installation, could render these efforts useless.
I’m just wondering where I should go to make a formal, secure disclosure report?