Security: bloomberg/fun2spec

SECURITY.md

Security Policy

Reporting Security Vulnerabilities

If you believe you have identified a security vulnerability in this project, please send an email to the project team at opensource@bloomberg.net, detailing the nature of the issue, the steps to reproduce it, and any other relevant information.

Please do not open a public issue for security vulnerabilities.

Response Process

After you have submitted a security report:

  1. The project team will acknowledge receipt of your report within 3 business days
  2. The team will investigate and validate the issue
  3. The team will work on a fix and coordinate disclosure timing with you
  4. Once a fix is available, we will release a security advisory and an updated version

Supported Versions

This is a research reproducibility project. Security updates will be provided on a best-effort basis for the latest version only.

Security Best Practices

When using this tool:

  • Keep all dependencies up to date
  • Review and validate any generated code before use
  • Do not run the tool with elevated privileges unless necessary
  • Be cautious when analyzing untrusted codebases

For more information about Bloomberg's security practices, see Bloomberg's Security Policy.

There aren't any published security advisories