# Security Policy

VPN Share handles user network traffic. Security issues should be treated as
high priority even before the first stable release.

## Reporting

Report vulnerabilities privately to the maintainers. Do not open public issues
for exploitable bugs until a fix is available.

## Scope

In scope:

- Authentication bypass.
- Traffic decryption or tampering.
- DNS or traffic leaks.
- Peer isolation failures.
- Unsafe packet parser behavior.
- Sensitive data logging.

Out of scope:

- Denial of service requiring physical access and no persistence.
- Bugs in third-party VPN applications.

## Disclosure Target

Maintainers should acknowledge reports within 7 days and publish a fix timeline
based on severity.