If you discover a security vulnerability in this project, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Instead, please email the maintainer directly or use GitHub's private vulnerability reporting feature

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Resolution: Depends on severity and complexity

This project follows security best practices:

• Sanitizers: ASan, UBSan, and TSan presets for catching memory and threading bugs
• Static Analysis: clang-tidy integration for catching potential issues at compile time
• Hardening: Debug builds use -ftrivial-auto-var-init=pattern to catch uninitialized variable bugs
• Dependencies: Managed via CMake FetchContent with pinned versions
• CI/CD: Automated testing on every push and pull request

See CONTRIBUTING.md for dependencies.

We recommend regularly updating dependencies and running security scans on production builds.