Just to CLARIFY, we said that this post stated that the email address “barberry -at- amulet.dev” should be used for Barberry incident response. The exact quote from the post:
If your chain is running on v0.45 or below with backported features from SDK modules and you are concerned about being vulnerable to this issue, please reach out to barberry@amulet.dev where members of the Informal Systems and Amulet teams will be on hand to help identify, if your chain is vulnerable and to assist with patching.
Beyond this, every key repo has a security.md file with the latest and most accurate process for reporting vulnerabilities, e.g. https://github.com/cosmos/gaia/blob/main/SECURITY.md