Please DO NOT report security vulnerabilities through public GitHub issues.

We take security seriously. If you discover a security vulnerability in DOverlay, please report it to us privately so we can address it before it becomes public knowledge.

Please send security vulnerability reports to:

Email: deqpi.contact@gmail.com

When reporting a vulnerability, please provide:

• Description: Clear description of the vulnerability
• Impact: Potential impact and severity
• Steps to Reproduce: Detailed steps to reproduce the issue
• Proof of Concept: If possible, include code or screenshots
• Affected Versions: Which versions are affected
• Suggested Fix: If you have ideas on how to fix it (optional)

• Initial Response: Within 48 hours of report
• Status Update: Within 7 days with assessment and planned fix timeline
• Resolution: We aim to resolve critical vulnerabilities within 30 days

• Please allow us reasonable time to fix the vulnerability before public disclosure
• We will credit you in our security advisories (unless you prefer to remain anonymous)
• Once fixed, we will publish a security advisory on GitHub
• We follow responsible disclosure practices

• Security patches will be released as soon as possible
• Critical vulnerabilities will be prioritized
• Users will be notified through:
  • GitHub Security Advisories
  • Release notes

Currently, we do not offer a bug bounty program, but we deeply appreciate responsible disclosure and will publicly acknowledge security researchers who help us improve DOverlay's security.

Thank you for helping keep DOverlay and its users safe!