Have no idea what the steps are now, Gramp. I did some reading and someone mentioned they had to fill out some form, so I would just wait until it becomes completely Open Source. That said, my typically flow is thus. Again, my primary defense is SBIE. I would browse for a week or so within this session and then SBIE would warn that my session is over a week old so I would clear it and start fresh. When a flash update (or other software that I do run within my VM) comes out I would hose the complete VM to a golden set point, install the update, and then save the new golden set point (happens roughly once every one to two months). I also sometimes just recover from a golden set point for the heck of it; my prerogative. In VirtualBox, recovery to a golden set point takes around 10 seconds (no joke) and all history that may have been created after that point is obliterated (to include an infection if you get one). VM recovery is my secondary offense, though and don't do so that often; I mostly just delete the SBIE session (takes 2 seconds; lol). I do run 5 SBIE sessions; only use 3 at most (and mainly use just one; the others are for banking and such). Each SBIE session is isolated from each other (no crosstalk). That's what is so powerful with SBIE.
Just as a side note, my XP VM typically boots in around 20 seconds; I've never had a WinXP boot that fast ever when I was running XP natively (Host). I know XP is still a vulnerable OS, but it's still the best OS M$ ever created IMO. I usually run Iron Browser even though it's not been updated for several years now. Was also running FireFox since it was still being updated but no longer do so since it hasn't been updated in over a year now as well. Currently vetting MyPal (been vetting for 4 months now; do have to re-install it every time when I recover from a golden setpoint since I'm not willing to make that a part of my Golden setpoint at the moment; maybe after I year I will). It still supports XP with all the newest bells and whistles that matter (to include TLS encryption). Even so, I'm a cautious person (call my borderline paranoid; lol). I don't run any anti-Virus on my Guest OS (do so for Host but only Window's Defender). Anti-Virus programs just gives the user a false sense of security; it would probably help with keyloggers, but even that's questionable. Anyway, you asked, so, I shared my usage.