Most considerations of errors and defects can be handled using the project Issues and/or Discussions.

Discovered vulnerability can be directly reported using the project Issues and/or Discussions.

TODO: Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.