The AISVS leaders and community take all security bugs seriously. We appreciate your efforts to disclose issues responsibly, and will make every effort to acknowledge your contributions. To help us with the vulnerabilities you have identified, please follow the reporting guidelines below to submit your finding.

We aim to reply within 3 days of receiving your finding. If a finding is accepted, we aim to publish a patch within 6 days. If it is declined, we will reply to let you know.

Email jim@owasp.org with the following information:

1. Name / affiliation
2. Vulnerability description
3. Steps to reproduce the issue
4. Current public knowledge of this vulnerability (e.g. related CVE, security advisory, etc.)

Acknowledgments are listed in the AISVS Hall of Fame.