Preferred: Use GitHub Security Advisories to report vulnerabilities privately.

Alternative: Email protoscience@anulum.li with:

1. Description of the vulnerability
2. Steps to reproduce
3. Impact assessment

Response SLA:

• 48 hours: acknowledgement
• 7 days: initial assessment and severity classification
• Fix timeline communicated after assessment

Do not disclose publicly before a fix is released. We will credit reporters in the changelog unless anonymity is requested.