# Security Policy
## Reporting a Vulnerability
If you believe you've found a security vulnerability:
1. **Do not** open a public issue.
2. Email: <security@devnw.com>
3. Include:
- affected version/commit
- reproduction steps or PoC (as safe as possible)
- impact assessment
- suggested fix (if you have one)
## Response targets (best effort)
- Acknowledgment: within 2 business days
- Triage update: within 7 days
## Supported Versions
| 0.x | Yes |
## Disclosure
We prefer coordinated disclosure. We'll credit reporters unless anonymity is requested.