If you discover a security vulnerability in ICB, please do not open a public issue.

Instead, email us at [artuhovpetr35@gmail.com] (or your preferred contact). We will respond within 48 hours and work with you to assess and address the issue.

1. Reporter sends details privately.
2. Maintainer acknowledges within 48 hours.
3. Maintainer validates and prepares a fix.
4. Fix is released and publicly disclosed after a reasonable period.

We do not currently offer monetary rewards, but we will credit you in the release notes (unless you prefer to remain anonymous).

• The core parsing, graph construction, server API, and CLI.
• The web frontend served by the server.
• CI/CD workflows and deployed artifacts.

Thank you for helping keep ICB secure.