Welcome to ChaosWeb! We aim to foster creativity and experimentation in web design by challenging the norms. However, despite the chaos, security is still a priority. This document outlines the security policies and guidelines for reporting any vulnerabilities related to this project.

ChaosWeb is actively maintained. Please ensure you're using the latest version of the project, as older versions may not include important security updates.

If you discover a security vulnerability within ChaosWeb, we highly appreciate your help in disclosing it responsibly. To report a vulnerability:

1. Contact us via email: Please send an email to [email protected] with details of the vulnerability. Include as much information as possible to help us understand the nature and potential impact of the issue.
2. Response Time: We aim to respond to security issues within 48 hours and will work with you to resolve the issue promptly.
3. Do not disclose publicly: To protect users, please do not publicly disclose the vulnerability until we have had a chance to address it.

When reporting a vulnerability, please provide the following information:

• A clear and detailed description of the issue.
• Steps to reproduce the vulnerability, if possible.
• Potential impact and any suggestions for mitigating the issue.
• Your contact details for follow-up (optional).

We appreciate vulnerability reports related to:

• Code injections (JavaScript, HTML, etc.)
• Cross-site scripting (XSS)
• Authentication bypass
• Sensitive data exposure
• Any other security flaws that may impact users or contributors

Please note, due to the deliberately chaotic nature of the project, design-related chaos, confusing navigation, and quirky UI behavior are intentional features and not considered security vulnerabilities.

We greatly value the time and effort it takes to identify and report security issues, and we thank you for helping us keep ChaosWeb safe and secure for everyone!