diff --git a/i2p2www/pages/global/nav.html b/i2p2www/pages/global/nav.html
index f9342ad4fadc8ad6ae4bf7adc7169090153712f0..95ddbd1dde896cfdf539e76e109c8650db6f35aa 100644
--- a/i2p2www/pages/global/nav.html
+++ b/i2p2www/pages/global/nav.html
@@ -54,6 +54,7 @@
             <ul>
               <li><a href="{{ site_url('research') }}"><div class="menuitem"><span>{{ _('Academic research') }}</span></div></a></li>
               <li><a href="{{ site_url('research/questions') }}"><div class="menuitem"><span>{{ _('Open research questions') }}</span></div></a></li>
+              <li><a href="{{ site_url('research/vrp') }}"><div class="menuitem"><span>{{ _('Vulnerability Response Process') }}</span></div></a></li>
             </ul>
             <li><a href="{{ get_url('papers_list') }}"><div class="menuitem"><span>{{ _('Academic papers and peer review') }}</span></div></a></li>
           </li>
diff --git a/i2p2www/pages/site/research/vrp.html b/i2p2www/pages/site/research/vrp.html
index 7ceac92db8e86feb249ef2b4ea6d9b5e4ed76042..d892665e8df097efb8b7368395fa2d6d6deea036 100644
--- a/i2p2www/pages/site/research/vrp.html
+++ b/i2p2www/pages/site/research/vrp.html
@@ -1,36 +1,38 @@
 {% extends "global/layout.html" %}
 {% block title %}{{ _('Vulnerability Response Process') }}{% endblock %}
-{% block lastupdated %}{% trans %}January 2017{% endtrans %}{% endblock %}
+{% block lastupdated %}{% trans %}January 2020{% endtrans %}{% endblock %}
 {% block content_id %}vrp{% endblock %}
 {% block content %}
 <p>{% trans %}
 This process is subject to change. Please refer to this page for the current VRP.
 {%- endtrans %}</p>
 
-<h2>I. {{ _('Point of Contact for Security Issues') }}</h2>
+<p>{% trans %}This page was last updated in January 2020.{%- endtrans %}</p>
+<p>{% trans %}This process is subject to change. Please refer to this page for the current VRP.{%- endtrans %}</p>
+<p>{% trans %}Researchers: while you research/hack, we kindly ask that you refrain from the following: - Performing active exploits or Denial of Service attacks on the
+i2p network - Performing social engineering on i2p development team members - Performing any physical or electronic attempts against i2p property and/or data
+centers{%- endtrans %}</p>
+<p>{% trans %}As i2p is an open-source community, many volunteers and development team members run their own EepSites as well as public (“clearnet”) domains. These
+sites/servers are NOT in the scope of the vulnerability assessment / response process, only the underlying code of i2p is.{%- endtrans %}</p>
+
+<h2 id="i.-point-of-contact-for-security-issues">I. {{ _('Point of Contact for Security Issues') }}</h2>
 
 	security@geti2p.net - GPG Key fingerprint = EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A
 
-<h2>II. {{ _('Security Response Team') }}</h2>
+<h2 id="ii.-security-response-team">II. {{ _('Security Response Team') }}</h2>
 
 <p>{% trans -%}
-Only the following members have access to the security point of contact:
+Echelon is the trusted security point-of-contact. He forwards e-mails to team members as appropriate.
 {%- endtrans %}</p>
 
-<ol>
-  <li>zzz</li>
-  <li>str4d</li>
-</ol>
-
-<h2>III. {{ _('Incident Response') }}</h2>
+<h2 id="iii.-incident-response">III. {{ _('Incident Response') }}</h2>
 
 <ol>
   <li>{% trans -%}
 Researcher submits report via one or both of two methods:
   {%- endtrans %}
     <ol>
-      <li>{{ _('Email')}}</li>
-      <li><a href="https://hackerone.com/i2p">HackerOne</a></li>
+      <li>{{ _('Email(security@geti2p.net')}}</li>
     </ol>
   </li>
 
@@ -67,10 +69,6 @@ Response Manager moves discussion to a new or existing ticket on public Trac if
     </ol>
   </li>
 
-  <li>{% trans -%}
-If over email, Response Manager opens a HackerOne issue for new submission.
-  {%- endtrans %}</li>
-
   <li>{% trans %}
 Establish severity of vulnerability:
   {% endtrans %}
@@ -124,7 +122,7 @@ Response Team applies appropriate patch(es).
   {%- endtrans %}
     <ol>
       <li>{% trans -%}
-Response Manager designates a PRIVATE monotone "hotfix branch" to work in.
+Response Manager works on a patch LOCALLY, patches are shared by the response team via PGP-encrypted e-mail until such a time as it is safe to expose to the public.
       {%- endtrans %}</li>
       <li>{% trans -%}
 Patches are reviewed with the researcher.
@@ -164,13 +162,16 @@ Response Manager propagates the "hotfix branch" to trunk.
 Response Manager includes vulnerability announcement draft in release notes.
       {%- endtrans %}</li>
       <li>{% trans -%}
-Proceed with the Point or Regular Release. 
+        Proceed with the Point or Regular Release. At this time, it is not possible to release an in-network update for only one operating system or
+		architecture. In order that all affected products can be released as quickly as possible, the person responsible
+		for that software should be able to perform necessary release processes in a timely manner. Importantly this should include
+		consideration for package maintainers in Debian, Ubuntu and F-Droid.
       {%- endtrans %}</li>
     </ol>
   </li>
 </ol>
 
-<h2>IV. {{ _('Post-release Disclosure Process') }}</h2>
+<h2 id="iv.-post-release-disclosure-process">IV. {{ _('Post-release Disclosure Process') }}</h2>
 
 <ol>
   <li>{% trans limit=90 -%}
@@ -223,6 +224,11 @@ If applicable, credits to the original reporter.
       <li>{% trans -%}
 Release finalized vulnerability announcement on website and in news feed.
       {%- endtrans %}</li>
+      <li><ol>
+        <li>If the vulnerability may be exploited while the network is being upgraded, delay the announcement until the vulnerable routers are upgraded.</li>
+		<li>After the update is successful, write the announcement for the news feed, send it for translation, and release it.</li>
+		<li>When translations come in, news operators should pull in the translations and update their feeds.</li>
+      </ol></li>
       <li>{% trans -%}
 For HIGH severities, release finalized vulnerability announcement on well-known mailing lists:
       {%- endtrans %}
@@ -270,7 +276,7 @@ vulnerability to the public.
   </li>
 </ol>
 
-<h2>V. {{ _('Incident Analysis') }}</h2>
+<h2 id="v.-incident-analysis">V. {{ _('Incident Analysis') }}</h2>
 
 <ol>
   <li>{{ _('Isolate codebase') }}
@@ -319,7 +325,7 @@ completion of section V.
   {%- endtrans %}</li>
 </ol>
 
-<h2>VI. {{ _('Resolutions') }}</h2>
+<h2 id="vi.-resolutions">VI. {{ _('Resolutions') }}</h2>
 
 <p>{% trans -%}
 Any further questions or resolutions regarding the incident(s) between the
@@ -329,13 +335,12 @@ addressed via the following:
 
 <ol>
   <li>Trac</li>
-  <li>HackerOne</li>
   <li>IRC</li>
   <li>Email</li>
   <li>Twitter</li>
 </ol>
 
-<h2>VII. {{ _('Continuous Improvement') }}</h2>
+<h2 id="vii.-continuous-improvement">VII. {{ _('Continuous Improvement') }}</h2>
 
 <ol>
   <li>{% trans -%}