I'm trying to find ISC2's vulnerability disclosure program. I've discovered a suspicious behaviour, leading to information disclosure, in the learnzapp applications and would like to share the details responsibly.
I attempted to find the relevant contact by looking for the standard security.txt file, however...
- https://www.learnzapp.com/security.txt does not exist.
- https://www.isc2.org/security.txt reveals a link to ISC2's bugcrowd. The link is not working.
- Searching for ISC2 on bugcrowd reveals ISC2's public engangement, https://bugcrowd.com/engagements/isc2, which is closed and does not provide a way to submit a report.
- Finally, ISC2 is also present on HackerOne, https://hackerone.com/isc2. However, attempting to contact the security team leads back to the bugcrowd portal above...
I attempted to contact support - no response.
Therefore, I'd like you to point me to the right direction. Where can I find ISC2's (or learnzapp'2) vulnerability disclosure program? Thank you in advance.