Any guidelines for security related bug reports?

Hello here!

I think, I have found a pretty significant security-related bug in
OpenSSL library. What are the guidelines for reporting them?
Should I post it directly on the mailing list? Or to provide the info to
maintainer first?

Best regards,
Ing. Andrey Romanov
CompEd Software Design Srl,
Italy


______________________________________________________________________
OpenSSL Project [url]http://www.openssl.org[/url]
Development Mailing List [email]openssl-dev@openssl.org[/email]
Automated List Manager [email]majordomo@openssl.org[/email]