Update bug bounty program

Author: bernacodesido

SECURITY.md

@@ -1,31 +1,19 @@
-# RSK POWHSM Security Process
+# RootstockLabs's Security Process
 
-We're committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.
+We are committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.
 
 ## Responsible Disclosure
 
-For all security related issues, RootstockLabs has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program.](https://www.rootstocklabs.com/bug-bounty-program) **Do not open up a GitHub issue if the bug is a security vulnerability.**
+For all security related issues, RootstockLabs has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program/). **Do not open up a GitHub issue if the bug is a security vulnerability**
 
-**Ensure the bug was not already reported** by searching on Github under [Issues](https://github.com/rsksmart/rsk-powhsm/issues).
+**Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/rsk-powhsm/issues).
 
-## Vulnerability Handling
+## Disclouse Policy
 
-### Response Time
+- Follow Immunefi's [disclosure guidelines](https://immunefi.com/responsible-publication/).
+- Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ledger) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.
 
-RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:
-
-* Time to first response (from report submit) - 5 business days
-* Time to triage (from report submit) - 7 business days
-* Time to bounty (from triage) - 15 business days
-
-We’ll try to keep you informed about our progress throughout the process.
-
-### Disclouse Policy
-
-* Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
-* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ledger) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.
-
-For more information check the RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)
+For more information check RootstockLabs bounty program policy at [Immunefi](https://immunefi.com/bug-bounty/rootstocklabs/information)
 
 ## Public Keys