From ed7bf43a08e250e1946acfc66ff1e1437b26c218 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 10 Mar 2026 17:10:37 +0100 Subject: [PATCH] BUG-BOUNTY.md: minor rephrase to say there is no bug bounty also add a brief mention to VULN-DISCLOSURE-POLICY.md Closes #20878 --- docs/BUG-BOUNTY.md | 8 +++----- docs/VULN-DISCLOSURE-POLICY.md | 3 +++ scripts/mdlinkcheck | 1 - 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md index 8a85096e09..765cf493e6 100644 --- a/docs/BUG-BOUNTY.md +++ b/docs/BUG-BOUNTY.md @@ -4,13 +4,11 @@ Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl --> -# The curl bug bounty - -Up until the end of January 2026 there was a curl bug bounty. It is no more. +# No curl bug bounty The curl project does not offer any rewards for reported bugs or -vulnerabilities. We also do not aid security researchers to get such rewards -for curl problems from other sources either. +vulnerabilities. We do not aid security researchers to get such rewards for +curl problems from other sources. A bug bounty gives people too strong incentives to find and make up "problems" in bad faith that cause overload and abuse. diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index 8878ef7acc..abc7ef2c0a 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -9,6 +9,9 @@ SPDX-License-Identifier: curl This document describes how security vulnerabilities are handled in the curl project. +There is no bug bounty and the curl project never offers rewards for reported +vulnerabilities. + ## Publishing Information All known and public curl or libcurl related vulnerabilities are listed on diff --git a/scripts/mdlinkcheck b/scripts/mdlinkcheck index 4ee0b53752..835a02d497 100755 --- a/scripts/mdlinkcheck +++ b/scripts/mdlinkcheck 
@@ -40,7 +40,6 @@ my %whitelist = ( 'https://curl.se/dev/secprocess.html' => 1, 'https://curl.se/dev/sourceactivity.html' => 1, 'https://curl.se/docs/' => 1, - 'https://curl.se/docs/bugbounty.html' => 1, 'https://curl.se/docs/caextract.html' => 1, 'https://curl.se/docs/copyright.html' => 1, 'https://curl.se/docs/http-cookies.html' => 1,
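Review bot: in the docs/BUG-BOUNTY.md hunk, removing "Up until the end of January 2026 there was a curl bug bounty. It is no more." drops the only statement of when the program ended. Researchers who arrive from older references to a curl bounty get no indication that one existed or when it stopped. Consider keeping one sentence with the end date under the new "# No curl bug bounty" heading.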
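Review bot: in the docs/VULN-DISCLOSURE-POLICY.md hunk, the added sentence says the project "never offers rewards", while docs/BUG-BOUNTY.md says "does not offer any rewards" and, before this patch, recorded that a bounty existed until the end of January 2026. Suggest "does not offer" in both files so the policy is not read as a claim about the past, and point the new sentence at BUG-BOUNTY.md so readers of the disclosure policy can find the reasoning.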
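Review bot: the scripts/mdlinkcheck hunk removes 'https://curl.se/docs/bugbounty.html' from %whitelist, but the commit message only mentions the two markdown files. Add a line to the commit message saying why the entry is dropped, and confirm that no remaining document still links to that URL, since neither docs hunk shows such a link being removed.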