Proposal: Adding security information like in security.txt #1283

@pstoeckle

Proposal

Add annotations, e.g.,

  • org.opencontainers.security.contact: A link or e-mail address for people to contact you about security issues.
  • org.opencontainers.security.encryption: A link to a key which security researchers should use to securely talk to you.

User Stories

  • As a security researcher, I want to know how to contact the image maintainer about security issues.
  • As a security researcher, I want to know how to securely communicate with the image maintainer.

Background

For websites, there is security.txt (https://securitytxt.org/) and the corresponding RFC 9116 (https://datatracker.ietf.org/doc/html/rfc9116).
One could transfer this idea to container images.
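As an added illustration (not part of the proposal above or of the OCI image-spec project), the following validator reads an image manifest and checks the two proposed annotation keys the way a registry policy or CI gate could: the contact must be a `mailto:`, `tel:` or `https:` URI, mirroring RFC 9116's rules for `Contact`, and the key link is restricted to `https:` (an assumption stricter than RFC 9116, which also allows `dns:` and `openpgp4fpr:`). The manifest is constructed sample data.

```python
import json
from urllib.parse import urlparse

# Annotation keys as proposed in the issue.
CONTACT_KEY = "org.opencontainers.security.contact"
ENCRYPTION_KEY = "org.opencontainers.security.encryption"

# Constructed sample OCI image manifest carrying the proposed annotations
# (digest and size are dummies, not a real image).
SAMPLE_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "config": {"mediaType": "application/vnd.oci.image.config.v1+json",
               "digest": "sha256:" + "0" * 64, "size": 1},
    "layers": [],
    "annotations": {
        "org.opencontainers.image.source": "https://example.com/org/repo",
        CONTACT_KEY: "mailto:security@example.com",
        ENCRYPTION_KEY: "https://example.com/.well-known/pgp-key.txt",
    },
})


def _valid_uri(value, schemes):
    """True if value is an absolute URI whose scheme is in `schemes`."""
    parsed = urlparse(value)
    if parsed.scheme not in schemes:
        return False
    # mailto: and tel: carry their target in the path; web URIs need a host.
    if parsed.scheme in ("mailto", "tel"):
        return bool(parsed.path)
    return bool(parsed.netloc)


def check_security_annotations(manifest_json):
    """Return a list of findings for the manifest; an empty list means it passes."""
    annotations = json.loads(manifest_json).get("annotations", {})
    findings = []
    contact = annotations.get(CONTACT_KEY)
    if contact is None:
        findings.append(f"missing {CONTACT_KEY}")
    elif not _valid_uri(contact, {"mailto", "tel", "https"}):
        findings.append(f"{CONTACT_KEY} must be a mailto:, tel: or https: URI, got {contact!r}")
    # The encryption key link is optional, but if present it must be fetched over TLS.
    encryption = annotations.get(ENCRYPTION_KEY)
    if encryption is not None and not _valid_uri(encryption, {"https"}):
        findings.append(f"{ENCRYPTION_KEY} must be an https: URI, got {encryption!r}")
    return findings


if __name__ == "__main__":
    print(check_security_annotations(SAMPLE_MANIFEST) or "manifest passes")
```

The same check applies unchanged to the `Labels` map of an image config, since the proposed keys are plain string annotations in either place.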
