From 957679bfcebe05ef80b747e00c6f0494dd440a69 Mon Sep 17 00:00:00 2001 From: wbnns Date: Wed, 1 Mar 2023 09:00:11 -0600 Subject: [PATCH 1/2] SECURITY: Add security policy --- SECURITY.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..29b618781 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,3 @@ +# Security Policy + +Report your findings to our H1 program: https://hackerone.com/coinbase From f7b377947ae3d1ad0d8c5b9466a45d1e895483ed Mon Sep 17 00:00:00 2001 From: wbnns Date: Thu, 2 Mar 2023 13:54:43 -0600 Subject: [PATCH 2/2] SECURITY: Update to match docs.base.org/security/ --- SECURITY.md | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 29b618781..a0d905b7f 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,3 +1,38 @@ -# Security Policy +# Security + +## Bug bounty program + +In line with our strategy of being the safest way for users to access crypto: + ++ Coinbase will be extending our [best-in-industry][1] million-dollar [HackerOne bug bounty program][2] +to cover the Base network, the Base bridge contracts, and Base infrastructure. + ++ Coinbase will be working in tandem with OP Labs to harden the security +guarantees of Bedrock and accelerate the timeline for decentralized +fault-proofs on the [OP Stack][3]. + ++ Coinbase's bug bounty program will run alongside Optimism's existing [Immunefi Bedrock bounty program][4] +to support the open source [Bedrock][5] OP Stack framework. + +## Reporting vulnerabilities + +All potential vulnerability reports can be submitted via the [HackerOne][6] +platform. + +The HackerOne platform allows us to have a centralized and single reporting +source for us to deliver optimized SLA's and results. All reports submitted to +the platform are triaged around the clock by our team of Coinbase engineers +with domain knowledge, assuring the best quality of review. + +For more information on reporting vulnerabilities and our HackerOne bug bounty +program, view our [security program policies][7]. + +[1]: https://www.coinbase.com/blog/celebrating-10-years-of-our-bug-bounty-program +[2]: https://hackerone.com/coinbase?type=team +[3]: https://stack.optimism.io/ +[4]: https://immunefi.com/bounty/optimism/ +[5]: https://stack.optimism.io/docs/releases/bedrock/ +[6]: https://hackerone.com/coinbase +[7]: https://hackerone.com/coinbase?view_policy=true + -Report your findings to our H1 program: https://hackerone.com/coinbase
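Review bot: the one-line policy added in [PATCH 1/2] abbreviates HackerOne as "H1", and the whole of that content is deleted again by [PATCH 2/2], where both `# Security Policy` and `Report your findings to our H1 program: ...` appear as removed lines. Consider squashing the two commits so the history does not carry an interim policy file. If they stay separate, spell out "HackerOne" in 1/2 so the interim version is unambiguous to an external reporter.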
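Review bot: the "Reporting vulnerabilities" section in [PATCH 2/2] points every report at HackerOne but never tells the reporter to keep findings out of public issues and pull requests, which is the instruction someone arriving at SECURITY.md from the repository most needs. Suggest adding one sentence to that effect next to the `[HackerOne][6]` link. In the "Bug bounty program" bullets, "will be extending" and "will be working" leave it unclear whether Base is in scope as of this commit, and the HackerOne and Immunefi Bedrock programs are not mapped to components, so a reporter with an OP Stack finding cannot tell which link applies. Smaller points: "SLA's" should be "SLAs", and the `+` list markers show up as `++` in the diff, which is easy to misread as diff syntax; `*` would be clearer.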