The project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via Fastly’s security issue reporting process.
Remediation of security vulnerabilities is prioritized by the project team. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The team announces security issues via GitHub on a best-effort basis. Vulnerabilities related to Go itself are published in golang-announce mailing list.
Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from Fastly Security Advisories.