The VMware Security Response Centre Team provides a single point of contact for the reporting of security vulnerabilities in Carvel (part of VMware) products and coordinates the process of investigating any reported vulnerabilities.
Reporting a Vulnerability ¶
We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.
The e-mail address to use to contact the team is firstname.lastname@example.org.
Please note that the e-mail address above should only be used for reporting undisclosed security vulnerabilities in Carvel (part of VMware) products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.