We use Hackerone to manage vulnerability disclosure. To disclose a vulnerability in Open Liberty please use https://hackerone.com/ibm to enter the details. It will be routed to the Open Liberty project so a fix can be provided prior to public disclosure.

The policy on the https://hackerone.com/ibm describes the policy guidelines for IBM products. Open Liberty is an IBM open source project so some of the guidelines do not apply. Specifically the first and third bullets can be ignored since they only apply to IBM products.