Supply-chain securityInnersource security advisories go GA: a private channel for private vulns
GitHub Advanced Security now lets enterprise customers publish security advisories that stay inside the enterprise, and Dependabot picks them up like it would a public CVE. Useful, narrow, and only as good as the discipline behind it.