Leanpub is a bootstrapped startup, so we do not have the funds for a bug
bounty program.

Responsible private disclosure of potential security vulnerabilities is greatly
appreciated, and can be disclosed by emailing hello@leanpub.com.

Did this answer your question?