The vulnerability must not be disclosed publicly or to any other person, entity or email address before Volmex Labs has been notified, has fixed the issue, and has granted permission for public disclosure. In addition, disclosure must be made within 24 hours following discovery of the vulnerability.