Private vulnerability reporting now generally available

Open source maintainers and security researchers embrace a new best practice to report and fix vulnerabilities.