Skip to content

Update SECURITY.md to reflect bug bounty program#711

Open
kparkinson-ld wants to merge 1 commit into
mainfrom
update-security-md
Open

Update SECURITY.md to reflect bug bounty program#711
kparkinson-ld wants to merge 1 commit into
mainfrom
update-security-md

Conversation

@kparkinson-ld
Copy link
Copy Markdown

@kparkinson-ld kparkinson-ld commented Jun 3, 2026
edited by cursor Bot
Loading

Summary

Updates SECURITY.md to direct security reporters to LaunchDarkly's Bug Bounty program.

Changes

  • Security issues should be reported through the Bug Bounty program rather than via GitHub Issues or PRs
  • Clarifies that valid security issues may be eligible for a bounty

This is a cross-repository update to standardize security reporting instructions across LaunchDarkly repositories.

Note

Low Risk
Documentation-only change to security reporting instructions; no application or infrastructure code is modified.

Overview
SECURITY.md is updated so security reporting matches LaunchDarkly’s current process across repos.

The doc now boldly warns not to file GitHub Issues or PRs for vulnerabilities, with clearer rationale about public exposure. Reporting is directed to the Bugcrowd Bug Bounty program instead of the previous HackerOne link, and a line is added asking reporters not to contact LaunchDarkly staff directly.

Reviewed by Cursor Bugbot for commit f3aebe1. Bugbot is set up for automated code reviews on this repo. Configure here.

@kparkinson-ld kparkinson-ld requested a review from a team June 4, 2026 00:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kparkinson-ld