Vulnerability reporters play a crucial role in the open source ecosystem by helping maintainers identify and patch security flaws before they can be exploited. The recommended approach for reporting vulnerabilities is through coordinated vulnerability disclosure (CVD), where reporters privately communicate with project maintainers to address the issue confidentially before public disclosure. This guide emphasizes the importance of reviewing the project's security policy, identifying the correct security contact, understanding the vulnerability management process, and crafting a clear and concise vulnerability report. Effective collaboration and communication between reporters and maintainers are essential, with reporters encouraged to adopt a maintainer-first approach, offer remediation advice, and work in private environments to prevent premature exposure of vulnerabilities. The guide underscores the value of recognizing the contributions of reporters, the importance of setting clear disclosure deadlines, and the need for patience and professionalism if challenges arise during the disclosure process.