From 638c2a86756f76a5482698af66ab7813bfc9242a Mon Sep 17 00:00:00 2001
From: vinckr <vincent@ory.sh>
Date: Mon, 13 Jan 2025 12:05:51 -0300
Subject: [PATCH 1/2] chore: research guidelines bug bounty

---
 docs/ecosystem/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/ecosystem/security.md b/docs/ecosystem/security.md
index c1729d0bb..f72cabf02 100644
--- a/docs/ecosystem/security.md
+++ b/docs/ecosystem/security.md
@@ -62,7 +62,7 @@ Prohibited activities:
 
 - social engineering like phishing, vishing, or smishing
 - security scanning with more than 5 QPS against Ory domains
-- any activity that leads to disruption of our service longer than 5 minutes
+- any activity that leads to disruption of Ory services
 
 ### What can you report
 

From a0a64a279265d46616847ec9583460bf475f22b2 Mon Sep 17 00:00:00 2001
From: vinckr <vincent@ory.sh>
Date: Mon, 13 Jan 2025 12:07:19 -0300
Subject: [PATCH 2/2] chore: research guidelines bug bounty

---
 docs/ecosystem/security.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs/ecosystem/security.md b/docs/ecosystem/security.md
index f72cabf02..20d5946c1 100644
--- a/docs/ecosystem/security.md
+++ b/docs/ecosystem/security.md
@@ -60,9 +60,11 @@ holder.
 
 Prohibited activities:
 
-- social engineering like phishing, vishing, or smishing
-- security scanning with more than 5 QPS against Ory domains
-- any activity that leads to disruption of Ory services
+- creating failing/incomplete subscriptions to paid plans in Ory Network for example with incomplete or fake credit card
+  information.
+- social engineering like phishing, vishing, or smishing.
+- security scanning with more than 5 QPS against Ory domains.
+- any activity that leads to disruption of the Ory Network service for customers.
 
 ### What can you report