If you discover a security vulnerability in CreditRiskEngine, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainers directly or use GitHub's private vulnerability reporting.

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days.

This policy applies to the CreditRiskEngine library itself. It does not cover regulatory calculation accuracy (see Regulatory Disclaimers).