Guidelines to Vulnerability reporting

Architecture Envelope Model(AEMFVP-A) platform software stack is a collection of open source software repositories. If you think you have found a security vulnerability in a specific open source project which is part of the software stack, it is recommended to follow the vulnerability reporting guidelines specified by the respective project.
If you think you have found a security vulnerability as part of the Architecture Envelope Model(AEMFVP-A) platform software stack and does not fall into any specific open source project, then please report by email at arm-security@arm.com specifying the project name as “Architecture Envelope Model(AEMFVP-A) Platform Software”. More details can be found at Arm Developer website.