Skip to content

Security Reports


Security bugs may be privately reported to


Due to Bulwark’s design as a security engine that hosts detections as separate, customizable, composable units, security reports should not be sent for individual detections or specific combinations of detections. Instead, please refer to the false positives section for details on how best to report these.

Reports related to the security of the engine itself are welcomed at the contact address above. Since the tool is currently in a public beta testing phase, there is currently no active formal bug bounty program.