How would this work? Currently, if the bug is private, then the subscribers are always explicit. Are you suggesting to change that rule to be: if the bug is private but it is security-related then implicitly subscribe (and give access to) the related security contact?
How would this work? Currently, if the bug is private, then the subscribers are always explicit. Are you suggesting to change that rule to be: if the bug is private but it is security-related then implicitly subscribe (and give access to) the related security contact?