How can we disclose a bug or a security vulnerability in a decent but effective manner?
Try reading disclosed reports at hackerone.
Be short efficent and easy to understand alot companies like a short video on how to reproduce the vuln. Also proivde a remedation