docs/BUG-BOUNTY: bug bounty time [skip ci]

Introducing the curl bug bounty program on hackerone. We now recommend filing security issues directly in the hackerone ticket system which only is readable to curl security team members. Assisted-by: Daniel Gustafsson Closes #3488
author: Daniel Stenberg <daniel@haxx.se> 2019-04-20 12:19:47 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2019-04-22 17:19:19 +0200
commit: 10e4dd6a7b3b2bc512223c4d94607f12443aab9f (patch)
tree: 4664f43185a3b02f85c5bb0af65d2d4b104e363c /docs/BUGS
parent: eb84ca3ea8f793ecbedf7865c41a8d1b9f59efb7 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/docs/BUGS b/docs/BUGS
index 7322d9b21..480e0caec 100644
--- a/docs/BUGS
+++ b/docs/BUGS
@@ -61,9 +61,14 @@ BUGS
   using our security development process.
 
   Security related bugs or bugs that are suspected to have a security impact,
-  should be reported by email to curl-security@haxx.se so that they first can
-  be dealt with away from the public to minimize the harm and impact it will
-  have on existing users out there who might be using the vulnerable versions.
+  should be reported on the curl security tracker at HackerOne:
+
+        https://hackerone.com/curl
+
+  This ensures that the report reaches the curl security team so that they
+  first can be deal with the report away from the public to minimize the harm
+  and impact it will have on existing users out there who might be using the
+  vulnerable versions.
 
   The curl project's process for handling security related issues is
   documented here:
author	Daniel Stenberg <daniel@haxx.se>	2019-04-20 12:19:47 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2019-04-22 17:19:19 +0200
commit	10e4dd6a7b3b2bc512223c4d94607f12443aab9f (patch)
tree	4664f43185a3b02f85c5bb0af65d2d4b104e363c /docs/BUGS
parent	eb84ca3ea8f793ecbedf7865c41a8d1b9f59efb7 (diff)