I need to understand how to report a security vulnerability on a web application, given the website owners have no such bug bounty programs.
Brief information on target: The website is built to support a small business. Their business impact may be limited to a city.
So I want to know:
How to initiate a discussion over the existing vulnerability on a positive approach?
Is proton mail is good option for conversation, or their is better secured and if possible anonymous platform?
Is their a report format that I can use to share details about exact vulnerability and exploit that I built?
Thanks.
