Add bug bounty section to readme

README.md

@@ -58,6 +58,7 @@ See also:
 - [Maintainers](#maintainers)
 - [Contributing](#contributing)
 - [Security](#security)
+  - [Bug Bounty](#bug-bounty)
   - [Audits](#audits)
 - [License](#license)
 
@@ -360,7 +361,18 @@ You are welcome here <3.
 
 # Security
 
-If you find a security vulnerability on this project or any other initiative related to Flashbots, please let us know sending an email to [email protected].
+If you find a security vulnerability in this project or any other initiative
+related to Flashbots, please let us know sending an email to
+[email protected]. Refer to the [SECURITY file](SECURITY.md) for details.
+
+## Bug Bounty
+
+The bug bounty program will be a shared bounty pool of up to 50k USD
+between `mev-boost`, `mev-boost-relay`.
+
+We would like to welcome node operators, builders, searchers, and other
+participants in the ecosystem to contribute to this bounty pool to help make the
+ecosystem more secure.
 
 ## Audits
 

SECURITY.md

@@ -22,10 +22,4 @@ To report a vulnerability, please email [email protected] and provide all t
 Please include the steps to reproduce it using as much detail as possible with the corresponding logs from `mev-boost` and / or logs from the consensus / execution client.
 
 Once we have received your bug report, we will try to reproduce it and provide a more detailed response.
-Once the reported bug has been successfully reproduced, the team will work on a fix.
-
-## Bounty Program
-
-The bug bounty program will be a shared bounty pool of up to 50k USD between `mev-boost`, `mev-boost-relay`.
-
-We would like to welcome node operators, builders, searchers and other participants in the ecosystem to contribute to this bounty pool to help make the ecosystem more secure.
+Once the reported bug has been successfully reproduced, the team will work on a fix.