Building your VDP policy page can be accomplished in house or in partnership with a vendor who has experience and a blueprint for creating policies for organizations in your business vertical. Vendors experience can expedite your policy creation process and a trusted vendor can also guide you on which areas of your business need to be involved.
Once you have an understanding of what your policy should cover, you should decide where it will live. VDPs should be easily discoverable on your website. If you choose to work with a vendor, you will also have the option of listing your VDP on their directory page which acts as a go-to listing of all VDPs available to security researchers. Being listed on a VDP directory provides more visibility from the researcher community and therefore more reported vulnerabilities.