Vulnerability disclosure program: develop policies and procedures

Develop policies and procedures of how/who users can contact in case they discover a security vulnerability:

security contact email
develop procedures & processes
develop content for security disclosure page with parameters for disclosure (eg what to report and what not to report) example: https://github.com/craftcms/cms/security/policy
develop bug bounty program, example https://hackerone.com/stripe

Ref:

securitytxt
ACSC: Guidelines for Software Development
OWASP: Vulnerability Disclosure Cheat Sheet

Edited Jun 10, 2025 by Janna