Many times working with software we find issues which are more than a bug. We find flaws which can cause huge damage to our applications and of others if exposed & misused. We might also get to know that our application was attacked and we have considerable information regarding this attack.
What shall we do with this information? This information can be discussed further publically, reported to the software vendor, do nothing about it. What is really the right step to take? Many organizations have proper channel for reporting such information.
Adobe also has a dedicated team PSIRT for handling security issues for all products. The members of PSIRT work with security researchers and engineers to verify investigate and respond to reports of software vulnerabilities in shipped products and then resolve them to protect the users. Adobe encourages customers, security professional and other security community members to report new vulnerabilities, incidents or suspicious issues directly for ensuring swift and appropriate resolution. Whenever you discover about a vulnerability or security issue in an Adobe Product, you can report it via either – sending an email to PSIRT@adobe.com or via filling a web form available here.
Read here for Adobe’s security processes and here for details on PSIRT.
On a closing note, reporting vulnerability privately is better as it prevents mass exploitation.
