If you discover a security vulnerability in check, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Email security concerns to the maintainers directly
3. Include as much detail as possible:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Resolution target: Depends on severity

This security policy covers the check validation library. Issues related to:

• Input validation bypass
• Denial of service via crafted input
• Information disclosure

are considered in scope.

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities (unless they prefer to remain anonymous).