Adopting a Vulnerability Disclosure Policy for our projects
Some organization might require/appreciate such policy.
We could probably base our policy on https://disclose.io/, considering they have "terms"  with canada in mind.
Updated by Christophe Bedard about 2 months ago
Thanks for opening this.
This seems to be the Linux kernel's policy: https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
Other than the emails/links, it could be used for/applicable to LTTng