We’ve just released a new resource from our work with CZI EOSS projects around developing a security mindset in your Open Source project. Take a look, any feedback can go into Github Issues or direct to the editorial team at info@orgmycology.com.
We hope this is broadly useful! Use it and adapt it to plan a 1-2 hour conversation with your contributor community. Do let us know if you use it and how you may have adapted it.