As a registered publisher to OSSRH (OSS Repository Hosting) for your project, we are reaching out to inform you of an important change to the security vulnerability reporting process and to ask for confirmation of the appropriate email address for security disclosures and notifications.
Sonatype and HackerOne have teamed up to provide industry leading support to the developer and security research communities by combining their talents to create The Central Security Project (CSP). In order to ensure that we have the most recent contact details for security notifications, please reply to Elisa Velarde to confirm who on your project should receive security alerts from the new platform.
To learn more about how the platform works and how to track and submit a vulnerability, Sonatype and HackerOne will host a live webinar on June 19, 2019 at 1:00p.m. EST.
Thank you,
The Central Security Project Team