swift-server / sswg

Swift Server Working Group (SSWG)

Home Page: https://swift.org/server/

Security Guidelines for reporters

Mordil opened this issue · comments

It would be nice if the current guide for those reporting vulnerabilities included outlines - or just linked to articles - on what makes a good vulnerability report.

For example this article: https://medium.com/swlh/how-to-write-a-better-vulnerability-report-20163ab913fb

That way we can have a shared point of reference to link to, rather than each project coming up with their own examples or finding their own articles to link to.

Hi all from the Advisory Database team 👋 I stumbled upon this issue while doing some Swift vulnerability research and wanted to share this resource that we developed in the Open Source Security Foundation with your security working group! The Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects was developed for the community, so please feel free to use it if it's helpful for this issue 😄 GitHub has also recently released a Private Vulnerability Reporting feature that might interest your group in regard to this issue too 👍