VRP: redefine public communications platform

As we agreed to (the VRP team).

VULNERABILITY_RESPONSE_PROCESS.md

@@ -90,7 +90,7 @@ PGP fingerprint = 1218 6272 CD48 E253 9E2D  D29B 66A7 6ECF 9144 09F1
     - d. If there are any disputes regarding bug severity, the Monero Response team will ultimately define bug severity
 
 7. Respond according to the severity of the vulnerability:
-    - a. HIGH severities must be notified on website and reddit /r/Monero (/r/Kovri for kovri) within 3 working days of classification
+    - a. HIGH severities will be notified via at least one public communications platform (mailing list, reddit, website, or other) within 3 working days of patch release
       - i. The notification should list appropriate steps for users to take, if any
       - ii. The notification must not include any details that could suggest an exploitation path
       - iii. The latter takes precedence over the former
@@ -130,7 +130,7 @@ PGP fingerprint = 1218 6272 CD48 E253 9E2D  D29B 66A7 6ECF 9144 09F1
       - viii. Mitigating factors (for example, the vulnerability is only exposed in uncommon, non-default configurations)
       - ix. Workarounds (configuration changes users can make to reduce their exposure to the vulnerability)
       - x. If applicable, credits to the original reporter
-    - c. Release finalized vulnerability announcement on website and reddit /r/Monero (/r/Kovri for kovri)
+    - c. Release finalized vulnerability announcement on public communications platform (mailing list, reddit, website, or other)
     - d. For HIGH severities, release finalized vulnerability announcement on well-known mailing lists:
       - i. oss-security@lists.openwall.com
       - ii. bugtraq@securityfocus.com