docs: Mention Internet Bug Bounty in the security policy (argoproj#12732

) * docs: Add Internet Bug Bounty section to security policy Signed-off-by: jannfis <[email protected]> * Mention all four projects Signed-off-by: jannfis <[email protected]> * Bump version and date Signed-off-by: jannfis <[email protected]> * Fix some wording Signed-off-by: jannfis <[email protected]> --------- Signed-off-by: jannfis <[email protected]>
tkasuz · Mar 6, 2023 · 1803f64 · 1803f64
1 parent 152a930
commit 1803f64
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,6 +1,6 @@
 # Security Policy for Argo CD
 
-Version: **v1.4 (2022-01-23)**
+Version: **v1.5 (2023-03-06)**
 
 ## Preface
 
@@ -69,6 +69,20 @@ Please report vulnerabilities by e-mail to the following address:
 
 * [email protected]
 
+## Internet Bug Bounty collaboration
+
+We're happy to announce that the Argo project is collaborating with the great
+folks over at
+[Hacker One](https://hackerone.com/) and their
+[Internet Bug Bounty program](https://hackerone.com/ibb)
+to reward the awesome people who find security vulnerabilities in the four
+main Argo projects (CD, Events, Rollouts and Workflows) and then work with
+us to fix and disclose them in a responsible manner.
+
+If you report a vulnerability to us as outlined in this security policy, we
+will work together with you to find out whether your finding is eligible for
+claiming a bounty, and also on how to claim it.
+
 ## Securing your Argo CD Instance
 
 See the [operator manual security page](docs/operator-manual/security.md) for