The oss security project, hosted by Openwall, provides an excellent list of resources including vendor contacts, disclosure information.
The oss security mailing list is a general public list for OSS vendors and authors to be able to discuss public security issues.
