
Should it be easier for non-community-members to submit security reports?
Open, Public

Asked by A_smart_kitten on Fri, Apr 18, 16:00.

Details

https://we.phorge.it/book/phorge/article/reporting_security/ says that people should use this form for submitting security vulnerability reports for Phorge. However, when I visit that page myself, I get an error saying "You do not have permission to view this object.".

I believe that opening non-security tasks in Phorge is limited to Trusted Contributors; however, I'm wondering whether it should be easier for non-community-members to open security-report tasks (or, at least, whether an alternative way of reporting security issues should be made available)? People that discover security issues in a piece of software are not necessarily always going to be a member of that software's development community, and IMO it should be easier/more open than (I believe) it currently is for non-community-members to report such issues if/when they find them.


As a side note, IMO it might also be worth linking to the docs on how to report a security issue from the Phorge homepage -- I only came across this (important!) piece of documentation because I happened to be looking through the Phorge docs for something else.


As another side note, the documentation currently says:

If you aren't sure if something qualifies, you can submit the issue as a normal bug report.

IMO, this seems backwards -- if a person isn't sure if something qualifies as a security issue, shouldn't it be raised as a security task initially (out of an abundance of caution), and then converted into a public task if it's deemed to not be a security issue? If an actual security issue is submitted as a normal bug report (before presumably being converted into a security task), there'll be a period of time during which the details of the unpatched security vulnerability will be visible to the internet.

Answers

connorgurney
Updated Yesterday

I would absolutely support this. My view is that the harder we make it to report a security issue, the more likely it is to be disclosed publicly; that is, on IRC, a personal website, or social media, etc.
