SECURITY.md in phlex-1.0.0.rc2 vs SECURITY.md in phlex-1.0.0

- old
+ new
@@ -1,5 +1,13 @@
 # Security Policy
 
-## Reporting a Vulnerability
+## Reporting a vulnerability
 
-If you found a possible security vulnerability in Phlex, please email security@phlex.fun.
+If you find a possible security vulnerability, please email security@phlex.fun. Do not create an issue or pull request either demonstrating or fixing the vulnerability.
+
+## Bug bounty
+
+[The Gem Foundation](https://ryanbigg.com/2022/11/the-gem-foundation) has kindly sponsored a $1 bug bounty to discover security vulnerabilities in Phlex.
+
+## Sponsoring a bug bounty
+
+If you wish to sponsor a bug bounty for Phlex, please get in touch with Joel at joel@drapper.me.