Security fixes are released on the latest tagged version. Consumers should pin a tag in go.mod and update promptly when a security release is published.

Please report security issues privately by emailing security@billionverify.com. Do not open a public issue for vulnerabilities.

Include:

• Affected version or commit.
• Minimal reproduction steps.
• Expected impact.
• Any relevant logs or sample input.

We aim to acknowledge reports within 3 business days and will coordinate a fix and disclosure timeline with the reporter.