The National Cyber Security Centre (NCSC) in the U.K. has released a guideline to help companies implement a vulnerability disclosure process or improve it if one is already set up. The document underlines the need for organizations of all sizes to pave the road for an open posture toward responsible bug reporting and encourage it. It is organized in three main sections describing what can be done to direct external vulnerability information to the right person and the report follows a clear standard that defines an agreed framework for closing it.
Source: https://www.bleepingcomputer.com/news/security/uk-government-releases-toolkit-to-easily-disclose-vulnerabilities/