How can I privately report vulnerabilities?

Alright, I'll ask it again in public.

How can I privately report vulnerabilities that I found in Sandboxie?

I wrote a letter to support@sandboxie.com and I got: "We only handle licensing questions." I messaged , and she said that issues and security problems are handled in the forums.

I don't think it's a good practice to post vulnerabilities on public forums — it simply means full disclosure. One of the issues I am planning to report is an Elevation of Privileges that can be pretty severe for an enterprise environment. I'll report it and request a CVE ID for it as soon as I create a working proof-of-concept. So, I want to contact your development team to make sure they have time to fix it.

Do you really want me to post everything on a public forum, effectively making it a zero-day exploit?