CiviCRM's Security Working Group exists to address reported security issues regarding CiviCRM sites and data. The security working group:
The security working group occasionally performs a security analysis of core or extension code, especially if there is a weakness that can be easily identified, but in general does not review core or extension code.
If you wish to contribute towards the security working group, please contact the security team at firstname.lastname@example.org. The security team lead is Chris Burgess.
To report a security issue, please follow the guidelines on how to report a security issue to CiviCRM.