diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 411e7fb523b..d0db77ccfe6 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -15,6 +15,8 @@ Before filing an issue, please be sure to read the guidelines for what you're re
 * [Proposing a Rule Change](https://eslint.org/docs/developer-guide/contributing/rule-changes)
 * [Request a Change](https://eslint.org/docs/developer-guide/contributing/changes)
 
+To report a security vulnerability in ESLint, please use our [HackerOne program](https://hackerone.com/eslint).
+
 ## Contributing Code
 
 Please sign our [Contributor License Agreement](https://cla.js.foundation/eslint/eslint) and read over the [Pull Request Guidelines](https://eslint.org/docs/developer-guide/contributing/pull-requests).
diff --git a/docs/developer-guide/contributing/README.md b/docs/developer-guide/contributing/README.md
index a4e331ef9d6..a22ea5d90a2 100644
--- a/docs/developer-guide/contributing/README.md
+++ b/docs/developer-guide/contributing/README.md
@@ -28,6 +28,10 @@ Want to make a change to an existing rule? This section explains the process and
 
 If you'd like to request a change other than a bug fix or new rule, this section explains that process.
 
+## Reporting a security vulnerability
+
+To report a security vulnerability in ESLint, please use our [HackerOne program](https://hackerone.com/eslint).
+
 ## [Working on Issues](working-on-issues.md)
 
 Have some extra time and want to contribute? This section talks about the process of working on issues.