[cip-dev] Common Vulnerabilities and Exposures

From: Agustin Benito Bethencourt <hidden>
Date: 2016-11-18 11:43:29

Hi,

one of the key parts of the maintenance work is to follow the Common 
Vulnerabilities and Exposures (CVE)[1] and the fixes that come out of 
them, in this case, to the kernel.

We can check against CVE and commit lists from Debian[2]. Currently 
there is no good distribution-neutral tracker for this and MITRE is not 
that fast in publishing details of CVEs.

One step that Members can take is to identify the person within their 
organizations who deals with low-level security issues and put them in 
contact with Ben so:
* They can provide input to Ben.
* Ben H. can explain to them how a kernel in maintenance works in this regard.

A long-term point for CIP Members is to get a CNA ID[3] and act as a CNA 
or participate through a liaison if you do not want to dedicate people 
to this.

[1] https://cve.mitre.org/about/faqs.html
[2] svn://scm.alioth.debian.org/svn/kernel-sec/
[3] https://cve.mitre.org/cve/cna.html

Best Regards
-- 
Agustin Benito Bethencourt
Principal Consultant - FOSS at Codethink
agustin.benito at codethink.co.uk