This research <https://www.theregister.com/2020/09/04/linux_kernel_flaws/> shows that it is possible to get clues about security vulnerabilities in the Linux kernel simply by looking for patches published with lower than usual discussion about their purpose. In some cases they were able to spot these up to nearly 6 months in advance of their being publicly disclosed. Not all such patches are to address security issues. With itself raises other troubling questions. And of course, mailing lists for other open-source projects can be just as fruitful sources of similar information.