If you discover a security vulnerability in this project, please report it responsibly:

1. DO NOT create a public GitHub issue
2. Email: security@biologicalsovereigntyprotocol.com
3. Include: description, reproduction steps, potential impact
4. Expected response: within 48 hours

This policy covers the BSP protocol implementation, smart contracts, and SDK. Vulnerabilities in third-party dependencies should be reported to their maintainers.