Yes, there is a bug bounty program available:

We also have PGP keys available for more secure communications around bugs and security disclosures: