Fix #13: Bug Bounty Request #14

Open
Stackwyre wants to merge 1 commit into polybase:main from Stackwyre:fix/464-bug-bounty-request

@Stackwyre

Resolves #13

Changes

  • SECURITY.md

Fixes #13

Tested locally. Happy to address any review feedback.

@loopghost

Hey @Stackwyre, thanks for taking care of this so quickly. I really appreciate the team’s commitment to improving the security disclosure process.

I reviewed the new SECURITY.md and it looks good to me overall.

One small suggestion: under “Contact the maintainers directly”, it would be helpful to clarify which platform those handles refer to, for example GitHub, X, Telegram, etc. Right now it may not be immediately clear to external researchers how they should reach out through those handles.

Regarding the bug bounty section, HackenProof could be worth considering when the team is ready to move forward with a formal program. Personally, as a Web3 security researcher, I’ve had very good experiences with HackenProof, and I’d be happy to make an introduction to their team privately. They also have a strong network of Web3 security researchers.

Thanks again for the quick response here. Once the maintainer contact channels are clarified, I’d be happy to follow up privately as well.

@loopghost loopghost left a comment

Under “Contact the maintainers directly”, it would be helpful to clarify which platform those handles refer to, for example GitHub, X, Telegram, etc. Make sure to be publicly reachable through that contact method (i.e. having your DMs open to everyone if it's X). Right now it may not be immediately clear to external researchers how they should reach out through those handles.
