From 703809ae98d62333a0a061d40f8b7b2b39ba955b Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 15 Mar 2022 08:13:22 +0100
Subject: Remove references to discourse.joinmastodon.org (#17797)

Remove broken CODEOWNERS file

Add sponsor.joinmastodon.org to FUNDING.yml
---
 SECURITY.md | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'SECURITY.md')

diff --git a/SECURITY.md b/SECURITY.md
index 9d351fce6..5531a306e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,13 +1,19 @@
 # Security Policy
 
+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you should submit the report through our [Bug Bounty Program][bug-bounty]. Alternatively, you can reach us at <hello@joinmastodon.org>.
+
+You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+
+## Scope
+
+A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.
+
 ## Supported Versions
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 3.4.x   | :white_check_mark: |
-| 3.3.x   | :white_check_mark: |
-| < 3.3   | :x:                |
-
-## Reporting a Vulnerability
+| 3.4.x   | Yes                |
+| 3.3.x   | Yes                |
+| < 3.3   | No                 |
 
-hello@joinmastodon.org
+[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail
-- 
cgit