docs: Mention Internet Bug Bounty in the security policy (#2642)

Signed-off-by: jannfis <[email protected]>
argoproj · Mar 7, 2023 · 8d87e4a · 8d87e4a
1 parent 5318977
commit 8d87e4a
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/docs/security.md b/docs/security.md
@@ -19,3 +19,18 @@ We will publish security advisiories using the
 [GitHub Security Advisories](https://github.com/argoproj/argo-rollouts/security/advisories)
 feature to keep our community well informed, and will credit you for your
 findings (unless you prefer to stay anonymous, of course).
+
+## Internet Bug Bounty collaboration
+
+We're happy to announce that the Argo project is collaborating with the great
+folks over at
+[Hacker One](https://hackerone.com/) and their
+[Internet Bug Bounty program](https://hackerone.com/ibb)
+to reward the awesome people who find security vulnerabilities in the four
+main Argo projects (CD, Events, Rollouts and Workflows) and then work with
+us to fix and disclose them in a responsible manner.
+
+If you report a vulnerability to us as outlined in this security policy, we
+will work together with you to find out whether your finding is eligible for
+claiming a bounty, and also on how to claim it.
+