If you discover a security vulnerability, report it responsibly:

1. Do not open a public issue.
2. Use GitHub Security Advisories to report privately.
3. Alternatively, email security@cipherpunk.rs with details.

• Acknowledgement: within 48 hours
• Initial assessment: within 1 week
• Fix or mitigation: best effort, typically within 30 days