Ask HN: What is the process for disclosing systemic-level vulnerabilities?
Hello.
I am not a security researcher.
I uncovered an attack vector that I need guidance to disclose in an ethical and legal way.
The attack vector is not within my code. I see HackerOne disclosure as one route - https://docs.hackerone.com/en/articles/8517457-disclosure
If the path is not particular to any specific code package and is more related to supply chain attacks, then where does one go?