honestly this situation is quite common to cyber security and disclosure of vulnerabilities / problems that need fixing. rfc9116 (security.txt) is pretty useless; most of the time just some email inbox to /dev/null
knowing back channels, having the 'village' mindset is much better
I couldn't get dillo to compile easily on macos, it doesn't seem to detect ssl libraries installed on the system)
you can do this to compile it on macos (tested on M1):
install https://www.xquartz.org/ to have X11
brew install fltk libjpeg #you might also need openssl@3 but unsure
git clone https://github.com/crossbowerbt/dillo-plus/; cd dillo-plus
# update the 1.3.8_1 fltk version
sed 's/1.3.8_1/1.3.9/g' Makefile.options.MacOS > Makefile.options
make -j8
# find binary in ./src/dillo
maybe someone should make a brew package (for both this and dillo-plus)..?