If you discover a security issue, please follow these steps:

1. Email: Send a detailed report to lintshiwe1452@gmail.com
2. **
3. Response Time: Expect acknowledgment within 48 hours.
4. Disclosure Timeline: We aim to resolve and disclose responsibly within 14 days.

We welcome reports on:

• Data exposure or leakage
• Authentication bypass
• Privilege escalation
• API abuse or injection
• Disaster alert spoofing or manipulation

• UI bugs without security impact
• Rate limiting suggestions
• Feature requests

All accepted vulnerabilities will be:

• Reproduced in a test environment
• Patched in a dedicated branch
• Merged after CI/CD validation
• Documented in release notes

Valid reports may earn:

• A GitHub badge on your profile
• Contributor credit in the changelog
• CrisisLink Hall of Fame mention