Make it more obvious how to report security related bugs
We had a report about a bug reporter getting different (and partly) conflicting advice on how to report security sensitive bugs. The canonical way of doing so is mailing to firstname.lastname@example.org. However, that seems to be not found easily. We should change that on our website.