This repository accepts security reports for:

1. Python package runtime and CLI (src/zpe_image_codec, zpe-image-verify).
2. Verification, proof, and validation artifacts (proofs/, validation/).
3. CI and release pipeline configurations.

Please report vulnerabilities privately to architects@zer0pa.ai with:

1. A clear impact summary.
2. Reproduction steps or proof-of-concept.
3. Affected versions or commit ranges.
4. Suggested remediation when available.

1. Initial acknowledgement: within 5 business days.
2. Triage and severity classification: within 10 business days.
3. Remediation timeline: shared after triage.

Public disclosure should be coordinated after a fix is available.