The open source community saw a number of new advances in security processes in the last year. One of those advances was the GNU toolchain community rallying around the idea of adopting security policies, with GCC and binutils having already adopted one, guided by the precedent set by the glibc project as early as 2014. The idea of a security policy in the context of software is not new; many large open source projects understand the need to define policies and procedures for reporting security iss...