faq: add entry about reporting security bugs through hackerone

uber · Feb 9, 2017 · c517768 · c517768
1 parent a50585b
commit c517768
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -30,7 +30,6 @@ Building:
 
 Usage:
 1. put this pam module where ever pam modules live on your system, eg. /lib/security
-
 2. add it as an authentication method, eg.
 
 ```
@@ -67,6 +66,9 @@ auth [success=1 default=ignore] /lib/security/pam_ussh.so ca_file=/etc/ssh/user_
 
 FAQ:
 
+* How do I report a security issue?
+* Please report security issues at the [hackerone bug bounty page](https://hackerone.com/uber) and the bugbounty folks will determine bounty eligibility.
+
 * does this work with non-certificate ssh-keys?
   A: no, not at the moment. there's no reason it can't though, we just didn't need it to do that so I never added the functionality.