Ruby now uses HackerOne for managing incoming security vulnerability reports

Update security documentation to point to https://hackerone.com/ruby.

Author: reedloden

en/security/index.md

@@ -9,9 +9,13 @@ Here you will find information about security issues of Ruby.
 
 ## Reporting Security Vulnerabilities
 
-Security vulnerabilities should be reported via an email to
-security@ruby-lang.org ([the PGP public key](/security.asc)), which is a
-private mailing list. Reported problems will be published after fixes.
+Security vulnerabilities should be reported through our
+[bounty program page at HackerOne](https://hackerone.com/ruby).
+Reported problems will be published after fixes.
+
+If you need to get in touch with the security team directly outside
+of HackerOne, you can send email to security@ruby-lang.org
+([the PGP public key](/security.asc)), which is a private mailing list.
 
 The members of the mailing list are people who provide Ruby
 (Ruby committers and authors of other Ruby implementations,