# Security Policy for DotKit
At DotKit, we take security seriously. If you believe you have found a security vulnerability, please follow the steps below to responsibly report it.
## Reporting a Vulnerability
If you have found a potential security vulnerability in **DotKit**, please do not open an issue in the GitHub repository. Instead, please follow these steps:
1. **Email us directly. Provide as much information as possible to help us understand the vulnerability, including:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Any relevant logs or proof of concept (PoC).
2. **Use a responsible disclosure method**. We will work with you to validate the issue and patch it as quickly as possible before public disclosure.
## Security Patches and Updates
Once a vulnerability is confirmed, we will:
- Assign a severity level (Critical, High, Medium, Low).
- Could you provide a patch and release it as soon as possible?
- Publish a security advisory (if necessary) detailing the vulnerability and its resolution.
## Security Best Practices
We recommend the following security practices for users and contributors:
- Keep your DotKit installation up to date with the latest releases.
- Regularly review security advisories and patches from the DotKit repository.
- If contributing to the project, follow secure coding practices and conduct thorough security reviews.
## Acknowledgements
We thank the security community for their diligence in keeping DotKit secure. If you report a vulnerability, we will credit you in the release notes or the project's documentation (unless you prefer to remain anonymous).