kstats is a pure computational library with no network access, no file I/O, and no server components. The security surface is limited to:

• Numerical correctness (overflow, underflow, edge-case inputs)
• The SecureRandom implementation in kstats-core (delegates to platform primitives)
• Algorithmic complexity (inputs that cause excessive computation)

Security fixes are applied to the latest release only.

If you discover a security issue, please report it privately via GitHub Security Advisories rather than opening a public issue.

You can expect an initial response within 7 days. Since kstats is maintained by a solo developer, please allow reasonable time for investigation and patching.

Once a fix is released, the advisory will be published with full details.