Most mature repositories include a SECURITY.md file. This instructs researchers on how to privately report vulnerabilities (often via GitHub Security Advisories) rather than posting a public issue. This is crucial during a beta: because the code is experimental, it is inherently more fragile. Keeping vulnerability discovery private until a patch is ready prevents bad actors from targeting users who opted into the beta.