SECURITY-PROCESS: bountygraph shuts down

This backpedals back the documents to the state before bountygraph.

Closes #3311

1 files changed, 9 insertions, 13 deletions

diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index 9dd4cb77b..6cae5036b 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -121,19 +121,15 @@ Publishing Security Advisories
 6. On security advisory release day, push the changes on the curl-www
    repository's remote master branch.
 
-Bountygraph Bug Bounty
-----------------------
-
-The curl project runs a bug bounty program in association with
-bountygraph.com.
-
-After you have reported a security issue to the curl project, it has been
-deemed credible and a patch and advisory has been made public you can be
-eligible for a bounty from this program.
+Hackerone Internet Bug Bounty
+-----------------------------
 
-See all details at [BountyGraph](https://bountygraph.com/programs/curl).
+The curl project does not run any bounty program on its own, but there are
+outside organizations that do. First report your issue the normal way and
+proceed as described in this document.
 
-This bounty is relying on funds from
-[sponsors](https://bountygraph.com/programs/curl#publicpledges). If you use
-curl professionally, consider help funding this!
+Then, if the issue is [critical](https://hackerone.com/ibb-data), you are
+eligible to apply for a bounty from Hackerone for your find.
 
+Once your reported vulnerability has been publicly disclosed by the curl
+project, you can submit a [report to them](https://hackerone.com/ibb-data).
\ No newline at end of file