# Security Policy
## Supported Versions
Security patches are applied to the latest released version of SIB.
## Reporting a Vulnerability
Please email vulnerabilities privately to **mail@pooya.ai**.
Do not disclose publicly until we confirm and patch the issue.
We will acknowledge receipt within 48 hours and provide a fix timeline.
## Responsible Disclosure
Once fixed, we publish a CVE and release notes describing the impact and mitigation steps.