How to report

• Email security@obscurelabs.com with encrypted details (PGP key available on request).
• Include proof-of-concept, impact assessment, and remediation suggestions if available.
• We acknowledge within 24 hours and share remediation timelines as they are available.

Commitments

• No legal action for good-faith research adhering to these guidelines.
• Attribution in release notes or Hall of Fame (optional).
• Coordinated disclosure with agreed-upon timelines.