Red Hat is highly committed to the security of our open source projects (including community Ansible and AWX), our commercial solution (which is Red Hat Ansible Automation Platform), and our supporting infrastructure. Reports or security concerns can be reported by email to firstname.lastname@example.org and we will respond promptly. We practice responsible disclosure and will update software promptly when we agree an update is required.
In conjunction with a report to us, we will gladly disclose the nature of problems reported, but request a reasonable amount of time to update our software before an announcement is made. We may also need time to evaluate the problem and explore details with you, depending on the nature of the report—and would like to agree on a date for the release of the disclosure information that can coincide with a software update.
We'll also happily credit researchers in the announcement of vulnerabilities in our announcements.