Despite our best efforts, security bugs will creep into deployed production code. When this happens, members of the community might reach out to report these bugs to you. Your team needs to be prepared to both receive and encourage these forms of responsible disclosure.