add bug bounty info

(cherry picked from commit 86bd4d7)
OpenZeppelin · Nov 22, 2021 · 0413d58 · 0413d58
1 parent a4cee9e
commit 0413d58
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -66,7 +66,7 @@ The core development principles and strategies that OpenZeppelin Contracts is ba
 
 The latest audit was done on October 2018 on version 2.0.0.
 
-Please report any security issues you find to [email protected].
+Please report any security issues you find via our [bug bounty program on Immunefi](https://www.immunefi.com/bounty/openzeppelin) or directly to [email protected].
 
 Critical bug fixes will be backported to past major releases.
 

diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc
@@ -40,6 +40,11 @@ TIP: If you're new to smart contract development, head to xref:learn::developing
 
 To keep your system secure, you should **always** use the installed code as-is, and neither copy-paste it from online sources, nor modify it yourself. The library is designed so that only the contracts and functions you use are deployed, so you don't need to worry about it needlessly increasing gas costs.
 
+[[security]]
+== Security
+
+Please report any security issues you find via our https://www.immunefi.com/bounty/openzeppelin[bug bounty program on Immunefi] or directly to [email protected].
+
 [[next-steps]]
 == Learn More