diff --git a/VULNERABILITY_RESPONSE_PROCESS.md b/VULNERABILITY_RESPONSE_PROCESS.md
index 9eb89a1..27cb4ad 100644
--- a/VULNERABILITY_RESPONSE_PROCESS.md
+++ b/VULNERABILITY_RESPONSE_PROCESS.md
@@ -106,7 +106,7 @@ PGP fingerprint = 1218 6272 CD48 E253 9E2D  D29B 66A7 6ECF 9144 09F1
 1. Response Team has 90 days to fulfill all points within section III
 
 2. If the Incident Response process in section III is successfully completed:
-    - a. Response Manager contacts researcher and asks if researcher wishes for credit
+    - a. Researcher decides whether or not to opt out of receiving name/handle/organization credit. By default, the researcher will receive name/handle/organization credit.
       - i. If bounty is applicable, release bounty to the researcher as defined in section "Bounty Distribution"
     - b. Finalize vulnerability announcement draft and include the following:
       - i. Project name and URL