diff --git a/docs/security-and-privacy/statement-on-security/README.md b/docs/security-and-privacy/statement-on-security/README.md
index 33d9f946709..4169b4cdeff 100644
--- a/docs/security-and-privacy/statement-on-security/README.md
+++ b/docs/security-and-privacy/statement-on-security/README.md
@@ -61,6 +61,9 @@ If you can, please send us a PGP-encrypted email using the following key:
 
 Please include a description on how to reproduce the issue if possible. Our security team will get your email and will attempt to reproduce and fix the issue as soon as possible.
 
+> **Please note:** OpenProject currently does not offer a bug bounty program. We will do our best to give you the appropriate credits for responsibly disclosing a security vulnerability to us. We will gladly reference your work, name, website on every publication we do related to the security update.
+
+
 ## OpenProject security features
 
 ### Authentication and password security