There had been some discussion around security and coordinated disclosure plans here on the forum and so today we’ve released a new security-related task.
This new coordinated disclosure task allows you to tell us about your project’s security policy. If your project opts in to the Tidelift-managed process, all you need to do is link to our reporting page and provide a point of contact. If you have your own process in place, you’ll just provide a link to your security policy page.
Edit: There is also a related blog post here: https://blog.tidelift.com/enough-of-zero-day-fire-drills