We value security for the project very highly. We encourage all users to report any vulnerabilities they discover to us. If you find a security vulnerability in the cardano-cls project, please report it responsibly by sending an email to cardano-cls@tweag.io
At this juncture, we don't have a bug bounty program. We urge you to report any vulnerabilities responsibly so that we can continue building a secure application for the entire community.