...
Noah: We also have GitHub repository alerts enabled in at least some cases
Tom: We have not received any security alerts, and there were certainly security issues within Hyrax during this period
Suspects that the best approach is to call out an action for any future group to evaluate security processes
For the Core Components, there are actually applications which deploy the Gems, and check their own security (DCE and Notch8 are proactive about security concerns)
We would have likely heard from any others
Trey: There is one security alert in github.io Repository
Tom: There is a need for an improved process