1. Do NOT open up a GitHub issue for security vulnerabilities
2. Email your findings to [INSERT SECURITY EMAIL]
3. You'll receive a response within 48 hours
4. If the issue is confirmed, we'll release a patch ASAP
5. You may be eligible for a bounty depending on severity

Thank you for helping keep Firefly secure! 🙏