Hmm, it looks like you still have the GHSA platform choice in the PEP:
Using GitHub Security Advisories (GHSA)
This PEP proposes adopting GitHub Security Advisories as the system to accept vulnerability reports due to its tight integration with services already in use by relevant projects.
In the pre-PEP discussion you said:
Was this an oversight ?
Should inactive members be more aggressively pruned?
The PSRT only triages a double-digit number of reports every year, meaning there aren’t an abundance of opportunities to “prove” activity on the scale of months. For this reason along with aligning with existing yearly schedules for the Steering Council, a yearly pruning was recommended.
Shouldn’t that last sentence read "For this reason along with aligning with existing yearly schedules for the Steering Council, a yearly pruning is not recommended.