Security Policy for Duco Technology Limited


Reporting Security Vulnerabilities

We at Duco take security seriously and welcome the responsible disclosure of security vulnerabilities. If you believe you’ve discovered a security vulnerability in any of our products, services, or systems, we encourage you to disclose it to us in a responsible manner.


Reporting Process

To report a security vulnerability, please contact us via email at [email protected]. When reporting the issue, please provide us with sufficient details to understand and reproduce the vulnerability, including:

  • Description of the vulnerability
  • Steps to reproduce the vulnerability
  • Any relevant supporting material (e.g., screenshots, proof-of-concept code)
  • Your contact information for further communication

Scope

This security policy applies to all products, services, and systems provided by Duco group companies. It covers security vulnerabilities that could compromise the confidentiality, integrity, or availability of our systems or the data they process.


Legal

We will not pursue legal action against security researchers who act in good faith to identify and report security vulnerabilities according to this policy. However, we reserve the right to take appropriate legal enforcement action against those who engage in malicious activities or violate applicable laws.


Acknowledgment

We appreciate the contributions of security researchers who help us improve the security of our products and services. With the permission of the reporter, we may acknowledge their efforts publicly once the reported vulnerability has been resolved.


Contact Information

For security-related inquiries or to report a vulnerability, please contact us at:

Email: [email protected]

Please do not use this email address for general inquiries or support requests. It is intended solely for security-related communication.


Revision History

  • Version 1.0: Initial release (March 15, 2024)