argoproj · crenshaw-dev · Apr 7, 2026
@@ -6,9 +6,7 @@ If you find a security-related bug in Argo Events, we kindly ask you for respons
 disclosure and for giving us appropriate time to react, analyze and develop a
 fix to mitigate the found security vulnerability.
 
-Please report vulnerabilities by e-mail to the following address:
-
-* cncf-argo-security@lists.cncf.io
+Please report vulnerabilities via GHSA: https://github.com/argoproj/argo-events/security/advisories/new
 
 All vulnerabilities and associated information will be treated with full confidentiality.
 
@@ -18,20 +16,6 @@ Security vulnerabilities will be disclosed via [release notes](docs/releasing.md
 [GitHub Security Advisories](https://github.com/argoproj/argo-events/security/advisories)
 feature to keep our community well informed, and will credit you for your findings (unless you prefer to stay anonymous, of course).
 
-## Internet Bug Bounty collaboration
-
-We're happy to announce that the Argo project is collaborating with the great
-folks over at
-[Hacker One](https://hackerone.com/) and their
-[Internet Bug Bounty program](https://hackerone.com/ibb)
-to reward the awesome people who find security vulnerabilities in the four
-main Argo projects (CD, Events, Rollouts and Workflows) and then work with
-us to fix and disclose them in a responsible manner.
-
-If you report a vulnerability to us as outlined in this security policy, we
-will work together with you to find out whether your finding is eligible for
-claiming a bounty, and also on how to claim it.
-
 ## Vulnerability Scanning
 
 See [static code analysis](docs/static-code-analysis.md).