Responsible (and ethnical) disclosure dilemma

Hey folks:

I have a dilemma that I would like to run by you all. Assuming you are an employee of a company, and the company have a SaaS platform on the web. Assuming you've read the source code, and have determined that there are bugs and vulnerabilities in which are leaking user's data. This is also reproducible by anyone using the platform with your typical browser inspection tools and curl. (Think lack of authorization checks, guessable incremental IDs...)

You've …

bugs code cybersecurity data dilemma disclosure employee hey platform responsible run saas source code the company the web vulnerabilities web