# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| main    | :white_check_mark: |

## Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please follow these steps:

1. **Do not** open a public issue
2. Email the maintainer directly at `tuan-dat.tran@example.com`
3. Include:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if any)

### What to Expect

- Acknowledgment within 48 hours
- Assessment within 7 days
- Fix timeline based on severity:
  - Critical: 24-72 hours
  - High: 1 week
  - Medium/Low: Next release

### Disclosure Policy

- Please allow time for the fix before public disclosure
- Coordinated disclosure is appreciated
- Credit will be given in the fix commit

Thank you for helping keep this project secure!