add bug bounty info

(cherry picked from commit 86bd4d73896afcb35a205456e361436701823c7a)

README.md

@@ -66,7 +66,7 @@ The core development principles and strategies that OpenZeppelin Contracts is ba
 
 The latest audit was done on October 2018 on version 2.0.0.
 
-Please report any security issues you find to security@openzeppelin.org.
+Please report any security issues you find via our [bug bounty program on Immunefi](https://www.immunefi.com/bounty/openzeppelin) or directly to security@openzeppelin.org.
 
 Critical bug fixes will be backported to past major releases.
 

docs/modules/ROOT/pages/index.adoc

@@ -40,6 +40,11 @@ TIP: If you're new to smart contract development, head to xref:learn::developing
 
 To keep your system secure, you should **always** use the installed code as-is, and neither copy-paste it from online sources, nor modify it yourself. The library is designed so that only the contracts and functions you use are deployed, so you don't need to worry about it needlessly increasing gas costs.
 
+[[security]]
+== Security
+
+Please report any security issues you find via our https://www.immunefi.com/bounty/openzeppelin[bug bounty program on Immunefi] or directly to security@openzeppelin.org.
+
 [[next-steps]]
 == Learn More