BTW, an important feature of these mailing lists is that anyone can post... but only the "vendor security" group can read the posts.
Thus, it is easy for an outsider with a real security issue to provide detailed information to
[email protected], while preventing unscrupulous people from reading the sensitive information.
I suppose a PM to <somebody>, plus discussion on a closed forum, is the best this forum software can handle.