The announcement just went out for the newly formed oss-security group (which is a similar concept to the private vendor-sec group, but open to anyone interested in helping promote and work with security in open source projects). I’ve mentioned oss-security before, but the “official” PR just came out (thanks to Red Hat for doing it):