@dpatrick pointed out that we should have a regular triage of low-priority security bugs on a regular basis, in addition to continuous work on the UBN/High/Normal bugs. Which highlighted that the team doesn't have a documented process / schedule for triage of security issues. We should do that.
Darian and I have started triaging each week-- Tues 2pm Pacific. You're
welcome to join although I know that's late for you.
I also want to document rough guidelines on wiki to standardize what types
on vulnerabilities get what priority on our sites. Then hopefully anyone
with access can uniformly assign priority.