Article 5: Network product providers, network operators and network product security vulnerability collection platforms shall establish and improve channels for receiving network product security vulnerability information and keep them open, and retain network product security vulnerability information receiving logs for no less than 6 months.  Article 6: "Encourages relevant organizations and individuals to report security vulnerabilities in their products to network product providers" and "Encourage network product providers to establish a reward mechanism for security vulnerabilities in the network products they provide, and reward organizations or individuals who discover and report security vulnerabilities in the network products they provide."