@rockgecko_dev That's precisely the point.
There is nothing following. You are asking for "responsible" way to deal with
security issues from the author, while this is not their responsibility. It's
that of the organisation who copies the source code and makes it part of their
solution.