# Security Reporting
## Contact
Security bugs may be privately reported to <security@bulwark.security>.
## Scope
Due to Bulwark's design as a security engine that hosts detections as separate, customizable, composable units, security
reports should not be sent for individual detections or specific combinations of detections. Instead, file issues against
the detection repository in question.
Reports related to the security of the engine itself are welcomed at the contact address above. There is currently no
active bug bounty program, only a vulnerability disclosure process.