Snyk has launched a responsible vulnerability disclosure program to support the open source community in keeping its software secure. The company aims to bridge the gap between researchers and maintainers by engaging in an open, mutual discussion from start to finish, taking into account both perspectives and factors such as package context, severity, and probability of exploitation. Snyk provides periodic updates to the person who initially reported a vulnerability and credits them for their finding. The company has responsibly disclosed 88 vulnerabilities so far, including a recent large-scale disclosure with Johns Hopkins University, which used a novel concept called Object Property Graph (OPG) to automate the discovery of vulnerabilities. Snyk provides a dedicated disclosure form and email address (`[email protected]`) for researchers to submit vulnerability reports, which are then triaged, verified, and disclosed responsibly.