Best practices for vulnerability disclosure in real time video platforms

hey there curious if anyone operating real time video or streaming platforms typically handle vulnerability disclosure and research communication. Are there any practices around VDP programs, researches safe harbor policies. We’ve been reviewing approaches used by platforms red5pro and other realtime communications platforms and i am interested in knowing how others in this space approach disclosure program.