If you discover a security vulnerability, please email:

security@pulse-protocol.org (placeholder - update before publishing)

We will respond within 48 hours.

Please do NOT open public issues for security vulnerabilities.

• HMAC-SHA256 message signing
• Replay protection (timestamp + nonce)
• Tamper detection
• Constant-time signature comparison

1. Always verify signatures in production
2. Use TLS for network transmission
3. Rotate keys regularly
4. Store keys securely (not in code)