Where/who to submit vulnerability disclosure to?

Hello! I’m an independent cybersecurity researcher and analyst, and I believe that I have found something that, for those of us who use a web application firewall (WAF) and or edge proxy on our Mattermost installs (such as Cloudflare, Cloudfront, etc) to provide additional security and hide the origin IP address of the installation, could render these efforts useless.

I’m just wondering where I should go to make a formal, secure disclosure report?

Here are details about our Responsible Disclosure Policy: https://mattermost.com/security-vulnerability-report/


Just sent an email with disclosure information in it, thank you!