We take security seriously. If you discover a vulnerability:

1. DO NOT open a public issue
2. Email Me:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
3. I'll respond within 48 hours
4. I'll work on a fix and coordinate disclosure

• ✅ Regular dependency updates
• ✅ Static code analysis (Bandit, PyLint)
• ✅ Penetration testing
• ✅ Code reviews for all PRs
• ✅ Signed commits