Proposal to remove the reward/gift aspect for vulnerabilities #5940

Merged
merged 1 commit into from
Jan 30, 2023
1 change: 0 additions & 1 deletion content/donate.adoc
Expand Up @@ -26,7 +26,6 @@ Your donations help to keep the project going and to accelerate its evolution:
** Certificates and domains for our websites, network transit costs, hardware for self-hosted services
** Cost of SaaS services not covered by sponsorships
* Organizing link:/events/online-meetup/[online], link:/projects/jam/[local] Jenkins meetups (swag, promotion materials)
* Gifts for link:/security/#reporting-vulnerabilities[reporting security vulnerabilities] (link:/security/gift/[more info])
* Funding the jep:12[Jenkins Travel Grant Program] to help community members to attend Jenkins related events.

Your contribution will *NOT* be used for paying personnel, for placing ads, or for other forms of commercial promotion.
1 change: 0 additions & 1 deletion content/project/team-leads.adoc
Expand Up @@ -41,7 +41,6 @@ All Jenkins officers and team leads have the following responsibilities:
Coordinates the security-related activities in the Jenkins project. This is an **elected role**.

* Run the Jenkins CERT meeting
* link:/security/gift/[Manage sending gifts to qualifying reporters of resolved security issues]
* Coordinate work on and releases of security fixes with plugin authors and Release Officer
* Publish link:https://wiki.jenkins.io/display/JENKINS/Security+Advisorie[Security Advisories] (including CVE IDs and CVSS) and notify the link:https://groups.google.com/forum/#!forum/jenkinsci-advisories[mailing list]
* Drive security policy definition/changes in the community
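Review bot: the Security Advisories link on the unchanged context line near the end of this hunk points at `https://wiki.jenkins.io/display/JENKINS/Security+Advisorie`, which reads like a truncated page name. It is outside the scope of this removal, but since this list is being edited anyway, confirm the target still resolves and fix it here or in a follow-up.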
65 changes: 0 additions & 65 deletions content/security/gift.adoc

This file was deleted.
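Review bot: `/security/gift/` will stop resolving once this file is gone, so any link to it that is not among the four references removed in this PR (donate.adoc, team-leads.adoc, index.adoc, reporting.adoc) will break. Search the rest of `content/` for `security/gift` before merging, and consider a redirect to the reporting page or a short stub stating that the gift program has ended, so that reporters following an old link see the current policy.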

5 changes: 0 additions & 5 deletions content/security/index.adoc
Expand Up @@ -51,8 +51,6 @@ IMPORTANT: Do not contact the Jenkins security team asking us for compliance doc
We will not respond to such queries.
If we consider it necessary to provide a statement in response to incidents such as link:/blog/2021/12/10/log4j2-rce-CVE-2021-44228/[log4shell] or link:/blog/2022/03/31/spring-rce-CVE-2022-22965/[SpringShell], you will find a response in our link:/node/[blog].

To show our appreciation for your help, we'll send you link:/security/gift/[a small reward] for privately reported, valid vulnerability reports.


== Learn More

Expand All @@ -72,9 +70,6 @@ The Jenkins security team contacted me about a security vulnerability. Now what?
link:for-administrators[Information for Administrators]::
This page explains everything Jenkins users and administrators need to know about the Jenkins security process.

link:gift[Gifts for Reporters]::
To show our appreciation for your help, we'll send you a small reward for privately reported, valid vulnerability reports.

link:cna[Jenkins CVE Numbers Authority]::
The Jenkins project is a CVE Numbers Authority (CNA) for Jenkins and Jenkins plugins published by the Jenkins project.

6 changes: 2 additions & 4 deletions content/security/reporting.adoc
Expand Up @@ -94,11 +94,9 @@ For example, Jenkins core is on a monthly release cadence with several weeks of
We will credit reporters who informed us in private about security vulnerabilities in security advisories.
// TODO more detail

== Bug bounty / Reward / Gift

== Gift Policy

See link:/security/gift/[Gifts for Reporters].

Currently there is no program to reward vulnerability reporters.

== Security Advisories

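Review bot: deep links to the old Gift Policy section of this page will break, because the new heading `== Bug bounty / Reward / Gift` gets a different auto-generated section ID; consider adding an explicit anchor for the old ID above the new heading. The replacement sentence "Currently there is no program to reward vulnerability reporters." also does not say how reports submitted while gifts were still offered are treated, and a short clause covering that would save the security team repeated questions.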