It might be nice to provide a web form to submit security issues.
Such a form could nudge people towards providing quality/complete reports, and would be a way for projects to pass the "the project MUST include how to send the information in a way that is kept private" vulnerability_report_private requirement of the OpenSSF Best Practices badge (now that we removed our public keys from https://www.apache.org/security/#reporting-a-vulnerability)
It might be nice to provide a web form to submit security issues.
Such a form could nudge people towards providing quality/complete reports, and would be a way for projects to pass the "the project MUST include how to send the information in a way that is kept private"
vulnerability_report_privaterequirement of the OpenSSF Best Practices badge (now that we removed our public keys from https://www.apache.org/security/#reporting-a-vulnerability)