Recommend to add a security.txt file to all repos (RFC 9116)
Found here: https://twitter.com/GossiTheDog/status/1519502619034673154?t=qwW_gUGDzlvHai0QND9Yxw&s=09
security.txt
has become an official standard defined in https://www.rfc-editor.org/rfc/rfc9116.
It lists contacts in case of security vulnerabilities and gives credits to reporters + more.