Group wants input on vulnerability reporting guidelines