We take security seriously. If you've discovered a security vulnerability, please report it responsibly.

• GitHub Security Advisories: Use the "Report a vulnerability" feature in the Security tab
• Email: Contact via GitHub issues (tag as security)

Please provide:

1. Description of the vulnerability
2. Steps to reproduce the issue
3. Impact assessment - what could an attacker do?
4. Affected versions of the project
5. Any potential fixes (if known)

• Acknowledgment: Within 48 hours
• Status Update: Within 5 business days
• Resolution: Depends on severity (critical issues prioritized)

Please allow reasonable time to respond before disclosing publicly. We aim to resolve critical vulnerabilities within 30 days.

When contributing:

• Never commit sensitive information (API keys, passwords, tokens)
• Keep dependencies up to date (npm audit, pip check)
• Follow secure coding guidelines
• Review code for security issues before submitting PRs
• Use environment variables for secrets, never hardcode

Thank you for helping keep our project secure! 🙏