A group of security research firms (Foundstone, @Stake, Guardent, ISS and more) formed the Organization for Internet Safety (OIS) in 2001. Other firms such as Oracle, Network Associates and Symantec have since jumped on board.

They have created a draft document called Security Vulnerability Reporting and Response Process (download PDF). The idea is to set guidelines or standards that individual researchers and research firms can follow to report vulnerabilities in a secure and professional manner, without disclosing the vulnerability prematurely to the general public.

The document has been released publicly and they are soliciting comments and feedback on the draft. The deadline for comments is July 7, 2003.

For more information on OIS, you can visit its FAQ page.