If you discover a security vulnerability in ScarpShield, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email: ccie14019@gmail.com

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Assessment: Within 7 days
• Fix release: Within 30 days for critical issues

This policy applies to the ScarpShield codebase at https://github.com/RunTimeAdmin/ScarpShield.

Security issues in dependencies should be reported to their respective maintainers.

We appreciate responsible disclosure and will credit reporters in release notes (unless anonymity is requested).