This policy covers all repositories under the venantvr-crypto organization. These projects deal with cryptography, blockchain technologies, and wallet implementations.

If you discover a security vulnerability in any of these repositories, please report it responsibly:

1. Do not open a public issue. Security vulnerabilities must be reported privately.
2. Go to the affected repository's Security tab and click "Report a vulnerability" to create a private security advisory.
3. Include as much detail as possible: affected files, steps to reproduce, and potential impact.

• Private key exposure or leakage
• Weak or broken cryptographic algorithms used in production contexts
• Wallet address manipulation or fund redirection
• Hardcoded secrets, API keys, or credentials
• Dependencies with known CVEs

• Acknowledgment within 72 hours
• Status update within 7 days
• If confirmed, a fix will be prioritized and you will be credited (unless you prefer anonymity)

• Archived repositories (kept for reference, not actively maintained)
• Educational or demo code clearly marked as such
• Vulnerabilities in third-party dependencies that are already publicly disclosed — please check existing CVEs first