The aforementioned report is one of many related white papers provided by the DoJ's Computer Crime and Intellectual Property section.
disclose.io is a cross-industry, vendor-agnostic standardization project for safe harbor† best practices to enable good-faith security research.
Main web site: https://disclose.io/
Github repository with policy templates: https://github.com/disclose/disclose
Where to Look for More
Numerous organizations have already posted their vulnerability disclosure policies. A wide variety of these policies can be found by searching the web for "vulnerability disclosure policy," or "vulnerability disclosure program," or by browsing third-party vulnerability disclosure (e.g., bug bounty) service providers' hosted programs.