SECURITY.md: vendor contacts #2
Description
How [will] the vulnerability[…] be reported to projects/vendors affected[?] Should that be spelled out? At the very least there needs to be a way for vendors to provide a point of contact to the chairs.
{{ message }}