Security Policy Reporting a Vulnerability Email: security@example.com (replace with project contact). Include steps to reproduce, affected versions/commits, and impact assessment if known. Do not open public issues for sensitive reports. Response We will acknowledge receipt within 3 business days. We will provide a remediation plan and target timeline after triage. Credit will be given in advisories unless you request otherwise. Scope Lattice language runtime, compiler/interpreter, stdlib, and build tooling. Out-of-scope: third-party dependencies unless bundled. Disclosure Please give us reasonable time to address issues before public disclosure.