Merge pull request #52 from jupyter/Carreau-patch-1

Suggest public sec vuln reporting via github beta program.

Author: rcthomas

docs/vulnerability-handling.md

@@ -21,6 +21,8 @@ If you believe you’ve found a security vulnerability in a Jupyter project, ple
 to encrypt your security reports, you can use [this PGP public key](https://jupyter.org/assets/ipython_security.asc). Project Jupyter 
 will respond within 3 days to all new reports.
 
+We are also testing GitHub Private vulnerability reporting, you can try to submit a security advisory on [jupyter/security using this link](https://github.com/jupyter/security/security/advisories/new).
+
 ## Coordinated Disclosures
 
 Project Jupyter follows a [coordinated disclosure](https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html#responsible-or-coordinated-disclosure)