Security: photon-circus/ph-curves

Security Policy

Supported versions

Version    Supported
0.1.x      Yes

Reporting a vulnerability

If you discover a security vulnerability in ph-curves, please report it privately — do not open a public issue.

Email steve@giacomelli.ca with:

  • A description of the vulnerability.
  • Steps to reproduce or a proof of concept.
  • The affected version(s).

You should receive an acknowledgement within 48 hours. We will work with you to understand and address the issue before any public disclosure.

Scope

ph-curves is a no_std library primarily used in embedded firmware. Security concerns most likely to apply include:

  • Integer overflow or wraparound in math helpers.
  • Unsound unsafe code (if any is introduced).
  • Panics or undefined behaviour triggered by crafted input to the code-gen CLI.

Disclosure

Once a fix is available, we will publish an advisory and a patched release. Credit will be given to the reporter unless they prefer to remain anonymous.

There aren’t any published security advisories