Security reports are welcome for:

• signaling vulnerabilities
• media service vulnerabilities
• dependency vulnerabilities with practical exploitability

Please report privately by emailing: techtruth@gmail.com.

Include:

• affected component/version
• release line (currently 0.1.0-alpha.1)
• reproduction steps
• expected vs actual behavior
• potential impact

• We aim to acknowledge reports within 72 hours.
• We will coordinate fixes and release notes before public disclosure.

• Public diagnostics intentionally avoid payload dumps of sensitive media data.
• Threat model notes are tracked in docs/threat-model.md.