418sec / huntr

Public Roadmap | huntr.dev
https://huntr.dev

Remove 'read security policy' restriction #2173

Open HDVinnie opened 2 years ago

HDVinnie commented 2 years ago

Can we please make it so we can disclose on repos with a security.md that has an obfuscated email... I know your system needs a parseable e-mail in their SECURITY.md so your automation system can automatically reach out to the maintainer. But I can just reach out myself like I have done with many repos that do not have a MD file at all.

JamieSlome commented 2 years ago

@HDVinnie - I am currently operating a manual system whereby we can make the repository receive reports if they do have an obfuscated e-mail.

For you or anyone else that sees this ticket, feel free to get in touch with the repository that has an open security policy process, i.e. an e-mail, which is obfuscated, and will be happy to address this on a case by case basis in the meantime.