In the US, there has been a growing effort for US government agencies to have vulnerability disclosure policies. This was codified into law, and the National Institute of Standards and Technology was directed to establish guidelines.
The first draft has been published as NIST Special Publication 800-216. They are looking for comments and feedback, and I strongly encourage the Disclose.io community to offer feedback, either as individuals or as a collective of experts.
I work closely with the NIST team, but am happy to help offer advice on how to share feedback constructively, and frame your comments to have maximum impact.