Merge pull request #3551 from Infisical/maidul98-patch-11

Add Conduct and Enforcement to bug bounty

Author: maidul98

docs/internals/bug-bounty.mdx

@@ -58,3 +58,23 @@ We ask that researchers:
 - Give us a reasonable window to investigate and patch before going public
 
 Researchers can also spin up our [self-hosted version of Infisical](/self-hosting/overview) to test for vulnerabilities locally. 
+
+### Program Conduct and Enforcement
+
+We value professional and collaborative interaction with security researchers. To maintain the integrity of our bug bounty program, we expect all participants to adhere to the following guidelines:
+
+- Maintain professional communication in all interactions
+- Do not threaten public disclosure of vulnerabilities before we've had reasonable time to investigate and address the issue
+- Do not attempt to extort or coerce compensation through threats
+- Follow the responsible disclosure process outlined in this document
+- Do not use automated scanning tools without prior permission
+
+Violations of these guidelines may result in:
+
+1. **Warning**: For minor violations, we may issue a warning explaining the violation and requesting compliance with program guidelines.
+2. **Temporary Ban**: Repeated minor violations or more serious violations may result in a temporary suspension from the program.
+3. **Permanent Ban**: Severe violations such as threats, extortion attempts, or unauthorized public disclosure will result in permanent removal from the Infisical Bug Bounty Program.
+
+We reserve the right to reject reports, withhold bounties, and remove participants from the program at our discretion for conduct that undermines the collaborative spirit of security research.
+
+Infisical is committed to working respectfully with security researchers who follow these guidelines, and we strive to recognize and reward valuable contributions that help protect our platform and users.