Sensitive security-related questions, comments, and reports should be sent to the gvisor-security mailing list. You should receive a prompt response, typically within 48 hours.
Policies for security list access, vulnerability embargo, and vulnerability disclosure are outlined in the community repository.