Please see the current RFC regarding the Enarx vulnerability disclosure process.