# Security Policy

## Reporting Security Issues

Thanks for helping make Donut Browser safe for everyone! ❤️

I take the security of Donut Browser seriously. If you believe you have found a security vulnerability in Donut Browser, please report it to me through coordinated disclosure.

**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**

Instead, please send an email to **[contact@donutbrowser.com](mailto:contact@donutbrowser.com)** with the subject line "Security Vulnerability Report".

Please include as much of the information listed below as you can to help me better understand and resolve the issue:

- The type of issue (e.g., buffer overflow, injection attack, privilege escalation, or cross-site scripting)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
- Your assessment of the severity level

This information will help me triage your report more quickly.

## What to Expect

- **Response Time**: I will acknowledge receipt of your vulnerability report within 72 hours.
- **Investigation**: I will investigate the issue and provide you with updates on my progress.
- **Resolution**: I aim to resolve critical security issues as quickly as possible, and no later than 30 days after the initial report.
- **Disclosure**: I will coordinate with you on the timing of any public disclosure.

## Contact

For urgent security matters, please contact me at **[contact@donutbrowser.com](mailto:contact@donutbrowser.com)**.

For general questions about this security policy, you can also reach out through:

- [GitHub Issues](https://github.com/zhom/donutbrowser/issues) (for non-security questions only)
- [GitHub Discussions](https://github.com/zhom/donutbrowser/discussions)