If you believe you have discovered a vulnerability, we maintain a policy which aims to provide guidelines for submitting vulnerabilities discovered within Sage products and services.
Our policy can be found at the below link:
https://hackerone.com/sage-group
This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to us. We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always act in compliance with it.