It is not infrequent to see stewards reporting bugs here. Some of those are private bugs for a variety of reasons such as security issues or other private stuff. Once those tasks are created, we add as subscribers a couple of users who might be interested or who cooperated in discovering the bug and reporting it, but in the end we end up having to add more subscribers because of the interest in knowing the process of the bug or for stewards to know the behaviour of the issue to avoid problems in their daily work.
A security or private bug that we spot should be no secret for the rest of the team; in fact we need to know them to avoid private data leaks and the like, and since adding more than 30 subscribers to each private task we've reported is overkill, I'd like to propose creating a group which contains current stewards, for all of us to be able to look at the private bugs we report, without having to guess who was the author or is subscribed, then ask him/her to add us to the task.
If I understood the process correctly, if we add the project to the subscribers field, all members of that group will get access to the task containing it.
Project management and membership of the project should be restricted to current stewards, and maybe some WMF staff from the Support and Safety (SuSa) dept, such as @Jalexander, @Kalliope or @Mdennis-WMF.
I've checked with my fellow stewards on our mailing list and received no opinion against. As project-creator I can create the project myself, but project guidelines require ACL projects to be proposed and discussed before their creation.
Note that this is very different from Stewards-and-global-tools, where we track public tasks of bugs found on a variety of tasks that might be of interest to stewards, swmt members, administrators, checkusers, etc. However, I wonder if what I propose here can be done via a subproject of that subproject too.
Best regards.