To publish your VDP, please add a disclaimer to your project readme, FAQ (or alternative) so security researchers have a point of contact (VDP URL) to report findings.
How can I report security bugs?
You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. [Report a security vulnerability.](https://patchstack.com/database/vdp/wp-htaccess-editor)
Remember to push the update to your plugin for the disclaimer to be visible. Once done, e-mail us at triage@patchstack.com for the VDP to be made public. Until then, you may access and review using the PIN included in the e-mail link.