http://www.oisafety.org/ announced the GA version of "guidelines for security vulnerability reporting and response process, v1.0", whose URL is http://www.oisafety.org/reference/process.pdf
this is asynchronous to the NIAC presentation jim duncan gave at the last nanog, but it's related/similar, and there's a public comment period, and it's a worthwhile read, or an opportunity to flame somebody, or whatever. oisafety.org is the organization for internet safety, btw.
