Disclosure Policy
July 2024
At Duca Labs Ltd., safeguarding your use of our platform and protocols is considered a paramount concern. However, despite our extensive efforts to ensure system security, vulnerabilities may still exist or come into existence. We acknowledge the importance of collaborating with talented developers and security researchers worldwide to uncover and address potential weaknesses in our technology. This collaboration enables us to enhance the security of our systems and services continuously, striving to offer the most secure and reliable experience for our users.
Should you identify a security vulnerability within our service, we value your assistance in responsibly reporting it to us. We request that you promptly report any such vulnerabilities in strict accordance with the following policy.
1. Policy
We ask that you:
Refrain, during your research and investigation, from:
a. conducting distributed denial of service (DDoS) attacks;
b. performing 'brute force' attacks;
c. submitting, uploading, or storing malware on our systems;
d. using phishing tools or other intrusion and hacking methods;
e. altering any of our systems or the data contained within them; and
f. employing social engineering tactics or testing physical security measures.
Ensure that your actions do not exceed what is strictly necessary to report the identified security risks to us according to this policy, and refrain from misusing your discoveries by, for instance, accessing sensitive data, overloading systems, or causing inconvenience to F2F users. We ask that you strive to avoid privacy breaches, degradation of user experience, disruption of production systems, and data destruction.
Report any identified security vulnerabilities, along with any related or pertinent findings, via security@ducata.com. Include, to the best of your ability: a. a detailed description of the security vulnerability, with all relevant information; and b. clear, step-by-step instructions on how we can replicate and/or verify the finding.
Keep your findings strictly confidential and do not disclose any details to third parties until we have confirmed to you in writing that the security vulnerability has been completely resolved.
Irreversibly delete any sensitive information and other data obtained during your investigation once we have confirmed to you in writing that the security vulnerability has been fully addressed.
In return, we will:
Avoid imposing any legal consequences for your investigation and report, as long as they comply with this policy.
Handle your reports with confidentiality and not share your personal information with third parties without your consent, unless legally required.
Acknowledge you as the discoverer of the security risk in any (public) communication or publication, if desired, noting that if someone else reported the same vulnerability earlier, they will be recognized as the discoverer.
Aim to respond within fourteen (14) days to your report, with our evaluation of your findings.
Work promptly to address the security vulnerability and keep you updated on the resolution progress.
Be open to discussing contributions to publications of your findings after the security risk has been resolved.
We do not offer rewards for reporting security risks.
2. Contact
For any inquiries or additional information regarding our responsible disclosure policy, please contact security@ducata.com.