Security: venantvr-trading/Python.PubSub.DevTools

SECURITY.md

Security Policy

Scope

This policy covers all repositories under the venantvr-trading organization. These projects deal with algorithmic trading, market data processing, risk management, and financial API integrations.

Reporting a Vulnerability

If you discover a security vulnerability in any of these repositories, please report it responsibly:

  1. Do not open a public issue. Security vulnerabilities must be reported privately.
  2. Go to the affected repository's Security tab and click "Report a vulnerability" to create a private security advisory.
  3. Include as much detail as possible: affected files, steps to reproduce, and potential impact.

What We Consider Security Issues

  • Exchange API key or secret exposure
  • Trading credentials or tokens in source code or configuration
  • Vulnerabilities that could lead to unauthorized trade execution
  • Market data manipulation through input injection
  • Insecure storage of financial credentials
  • Webhook endpoints without proper authentication

Response

  • Acknowledgment within 72 hours
  • Status update within 7 days
  • If confirmed, a fix will be prioritized and you will be credited (unless you prefer anonymity)

Out of Scope

  • Archived repositories (kept for reference, not actively maintained)
  • Trading strategy logic or financial accuracy issues
  • Paper trading / simulation environments with no real funds at risk

There aren’t any published security advisories