If you discover a security vulnerability within Universal-Box, please report it by contacting Abhishek Mallick. We take security seriously and will respond promptly to your report.

• Acknowledgment: You can expect an acknowledgment of your report within 48 hours.
• Updates: We will provide updates on the status of your report as we investigate and address the issue.
• Resolution: If the vulnerability is confirmed, we will work to resolve it as quickly as possible and inform you once a fix has been deployed.

The following document describes various aspects of Universal-Box security. This will continue to evolve alongside our development process, and nothing here is considered final. We appreciate any and all feedback.

At the time of writing, Universal-Box has not undergone any third-party security audits. As a matter of policy, we will not publish these reports publicly until we have completed our internal review process.

Currently, Universal-Box does not have a paid bug bounty program due to financial constraints. We expect this to change in the future; however, there are no guarantees. Retrospective grants may be considered on a case-by-case basis for significant vulnerabilities reported during this period.