I'm wondering how to report security related issues privately.
It would be nice to have a way to report security vulnerabilities privately to the authorized body and annouce security flaws publicly not before there is a fixed version available.
This leads to my second question.
Where can I receive security reports and recommendations about available fixed versions?
Ideally such reports contain ratings about how severely the impact of the security vulnerability is rated (like CVE).