The VMware Security Response Centre Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal(now part of VMware) products and coordinates the process of investigating any reported vulnerabilities.
We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.
The e-mail address to use to contact the team is security@vmware.com.
Please note that the e-mail address above should only be used for reporting undisclosed security vulnerabilities in Pivotal(now part of VMware) products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.
If you wish to send encrypted email, our public key can be obtained from here. The fingerprint is: A624 C694 5F9F B1B9 4FC3 9CDC 0C47 26F1 56E2 F643