[nextts]

Is there a mechanism where this sort of advice can flow through security teams to everyone (assuming it is about security) without dropping the details. How are zero days dealt with?

[TheDong]

For non-public zero-days on packages in linux/BSD distros - https://oss-security.openwall.org/wiki/mailing-lists/distros

For public issues - https://oss-security.openwall.org/wiki/mailing-lists/oss-sec...

For vague-posting about unconfirmed CVEs and zero days - twitter.com and/or mastodon and/or your friend on signal