Security: GabbyTab/boofun

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x
< 1.0

Reporting a Vulnerability

If you discover a security vulnerability in BooFun, please report it responsibly:

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Email: gabtab@berkeley.edu with subject line "BooFun Security Issue"
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes (optional)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 1 week
  • Fix timeline: Depends on severity
    • Critical: Within 7 days
    • High: Within 30 days
    • Medium/Low: Next release

Security Best Practices

This project follows security best practices:

  • Dependencies are regularly updated via Dependabot
  • Code is scanned with CodeQL for vulnerabilities
  • All releases are published via secure CI/CD pipelines

Scope

This policy applies to the BooFun library code. Issues in dependencies should be reported to those projects directly.

There aren’t any published security advisories