It's an exciting time for vulnerability disclosure. Over 800 companies now offer vulnerability disclosure policies (VDPs), and that number is increasing every day. With such policies, not only are hackers better protected in disclosing vulnerabilities, but the public can stay better informed about security practices across organizations. 2020 is proving to be a breakout year for vulnerability disclosure policies, which will soon to be present across every U.S. federal agency, the elections industry, and more. Yet with these advances comes an increased need to ensure such policies are effective and protect both organizations and hackers. As evidenced by past legal disputes, the process of building and abiding by a VDP is nontrivial. In this talk, learn about the history of the VDP, ongoing legal troubles, and best practices moving forward to ensure the efficacy of VDPs. Case studies of action by the United States and Netherlands governments demonstrate that VDPs can be implemented as a standard in order to increase public security. By structuring VDPs in the right way, such policies can be implemented to offer transparency critical to increasing public trust around security.