Currently, the person on SRE duty (and to a lower extent other SREs as well) is tasked with monitoring the mailing lists and other sources for new CVEs that are relevant for Miraheze. By discovering vulnerabilities in a timely, we can start mitigating the risks soon enough to be ahead of attackers exploiting vulnerabilities in the wild.
Manually monitoring for new CVEs is cumbersone and prone to human error, even though we're subscribed to multiple mailing lists. It pleases me to see services such as https://www.opencve.io/welcome: notifying you of new CVEs based on conditions imposed by Miraheze, for example, match any CVE mentioning 'MediaWiki' or 'MariaDB'.
Tagging on the general SRE dashboard since this is relevant for both teams.