I am wondering if someone discovers a bug/exploit in Bitcoin software or protocol, who should it be disclosed to?


I am wondering if someone discovers a bug/exploit in Bitcoin software or protocol, who should it be disclosed to? Who is the authority? What would happen if the bug went public? Has it occurred in the past?

PS: This is just an hypothetical question