Text edits; add "no bug bounties" text

diff --git a/SECURITY.md b/SECURITY.md
index 58c37279e8bdeec3272fe86ac4d241701151b289..130eeee117889abc3358c78f5f06672810f39b22 100644 (file)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -30,33 +30,42 @@ Starting with the Kea 1.7 release, all Kea versions with an odd minor
 version number are development releases, and become EOL as soon as the
 following stable release is published.
 
-Limited past EOL support may be available to higher tier customers.
+Limited past EOL support may be available to higher-tier customers.
 Please contact ISC sales, using this form: https://www.isc.org/contact/
 
 ## Reporting a Vulnerability
 
-To report security vulnerability, please follow this instruction:
+To report a security vulnerability, please follow the instructions on this
+page:
 
 https://www.isc.org/reportbug/
 
-Briefly, we prefer confidential issue on gitlab (not github). An issue is
+We prefer a confidential issue on GitLab (not GitHub). An issue is
 much better, because it's easier to get more ISC engineers involved in it,
-evolve the case as more information is known, update or extra information, etc.
+evolve the case as more information is known, update or add information, etc.
 
-Second best is to send e-mail (possibly encrypted) to kea-security@isc.org.
+If a GitLab issue is not possible, please send e-mail (possibly encrypted)
+to kea-security@isc.org.
 
-## Software Defects and Security Vulnerability Disclosure Policy
+## Reporting a Bug
+
+We are working with the interests of the greater Internet at heart, and we
+hope you are too. In that vein, we do not offer bug bounties. If you think
+you have found a bug in Kea, we encourage you to report it responsibly at the
+link above; if verified, we will be happy to credit you in our Release Notes.
+
+## Software Defect and Security Vulnerability Disclosure Policy
 
 ISC treats the security of its software products very seriously. This
-document discusses the evaluation of a defect severity and the process
+document discusses the evaluation of a defect's severity and the process
 in detail: https://kb.isc.org/docs/aa-00861
 
-## Further reading
+## Further Reading
 
 The **Kea security** section of Kea ARM discusses the technical
-aspects, such as how to properly configure TLS certificates, how to secure
-Kea deployment and also what the security incident handling process
+aspects, such as how to properly configure TLS certificates and how to secure
+Kea deployment, and also what the security incident handling process
 looks like: https://kea.readthedocs.io/en/latest/arm/security.html#kea-security-processes
 
-The **Past advisories** for Kea can be found on the KB: https://kb.isc.org/docs
-On the left hand panel, see the `Security Advisiories` in the `Kea DHCP` section.
+**Past advisories** for Kea can be found in our KB: https://kb.isc.org/docs.
+On the left-hand panel, see the `Security Advisories` in the `Kea DHCP` section.