If you discover a security vulnerability, please report it responsibly.

Email: jason.j.shotwell@gmail.com Subject line: [SECURITY] AIR Blackbox — <brief description>

We will acknowledge your report within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

Please do not open a public GitHub issue for security vulnerabilities.

We follow coordinated disclosure. If you report a vulnerability, we will:

1. Acknowledge receipt within 48 hours
2. Provide an estimated timeline for a fix
3. Credit you in the release notes (unless you prefer anonymity)
4. Not pursue legal action against good-faith security researchers