Ruby now uses HackerOne for managing incoming security vulnerability …

…reports Update security documentation to point to https://hackerone.com/ruby.
ruby · Jun 17, 2016 · feb17bb · feb17bb
1 parent 0399d8a
commit feb17bb
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/en/security/index.md b/en/security/index.md
@@ -9,9 +9,13 @@ Here you will find information about security issues of Ruby.
 
 ## Reporting Security Vulnerabilities
 
-Security vulnerabilities should be reported via an email to
-security@ruby-lang.org ([the PGP public key](/security.asc)), which is a
-private mailing list. Reported problems will be published after fixes.
+Security vulnerabilities should be reported through our
+[bounty program page at HackerOne](https://hackerone.com/ruby).
+Reported problems will be published after fixes.
+
+If you need to get in touch with the security team directly outside
+of HackerOne, you can send email to security@ruby-lang.org
+([the PGP public key](/security.asc)), which is a private mailing list.
 
 The members of the mailing list are people who provide Ruby
 (Ruby committers and authors of other Ruby implementations,