Description
In GitHub repos, if you add a SECURITY.md file to the repo, it will be displayed in the security section of the repo.
E.g. in: https://github.com/ezsystems/ezplatform/security/policy
More info: https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
Doing this for all repos, and maintaining supported versions in all of them as suggested, is not worth the trouble. But we can set up default files, that apply for all repos that don't have such files. This is not just about security, we can also add CONTRIBUTING, SUPPORT, and others. This involves creating a public repo called ".github", and populating it with the right files. If we do this for both ezsystems and ibexa, we're covered.
See: https://docs.github.com/en/github/building-a-strong-community/creating-a-default-community-health-file
The security file should not contain much stuff that has to be kept up to date, it should rather refer to these resources:
https://www.ibexa.co/software-information/security
https://doc.ibexa.co/en/latest/guide/reporting_issues/
https://developers.ibexa.co/security-advisories