public comment period for's vulnerability process announced the GA version of "guidelines for security
vulnerability reporting and response process, v1.0", whose URL is

this is asynchronous to the NIAC presentation jim duncan gave at the
last nanog, but it's related/similar, and there's a public comment period,
and it's a worthwhile read, or an opportunity to flame somebody, or whatever. is the organization for internet safety, btw.