Use Info-Tech's Coordinated Vulnerability Disclosure (CVD) Policy to specify the parameters of your program.
Establish your security requirements and expectations of the program. Formalize the approach to CVD by outlining the following sections:
- Introduction
- Eligibility
- Rules of Conduct
- In Scope
- Out of Scope
- Reporting Procedure
- Bounty/Reward
- Safe Harbor