From 10e4dd6a7b3b2bc512223c4d94607f12443aab9f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 20 Apr 2019 12:19:47 +0200
Subject: docs/BUG-BOUNTY: bug bounty time [skip ci]

Introducing the curl bug bounty program on hackerone. We now recommend
filing security issues directly in the hackerone ticket system which
only is readable to curl security team members.

Assisted-by: Daniel Gustafsson

Closes #3488
---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 70764357f..d8d6c0e6d 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,11 @@ To download the very latest source from the Git server do this:
 
 (you'll get a directory named curl created, filled with the source code)
 
+## Security problems
+
+Report supected security problems on [our hackerone
+page](https://hackerone.com/curl) and not in public!
+
 ## Notice
 
 Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga
-- 
cgit v1.2.1