Skip to main content

*

Vulnerability Disclosure Program

We take the security of our learning platform and community seriously. If you believe you've found a security vulnerability, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

Scope

This policy applies to the following:

  • duckurity.com (main website)
  • Any subdomains of duckurity.com
  • Public repositories at github.com/duckurity

Reporting a Vulnerability

Please report security vulnerabilities to:

Please include the following information in your report:

  • Type of vulnerability
  • Step-by-step instructions to reproduce the issue
  • Potential impact of the vulnerability
  • Any suggested fixes (optional)

Guidelines

When testing for vulnerabilities, please:

  • + Make a good faith effort to avoid privacy violations and disruption to others
  • + Only interact with accounts you own or with explicit permission
  • + Do not access or modify other users' data
  • + Give me reasonable time to respond before disclosing publicly
  • - Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • - Do not perform automated scanning without prior approval
  • - Do not attempt social engineering, phishing, or physical attacks

What to Expect

  • I will acknowledge receipt of your report within 48 hours
  • I will provide a more detailed response within 7 days
  • I will work to validate and fix the issue as quickly as possible
  • I will keep you informed about the progress
  • I will credit you for the discovery (if you wish) once the issue is resolved

Safe Harbor

I support safe harbor for security researchers who:

  • Make a good faith effort to comply with this policy
  • Report vulnerabilities responsibly
  • Do not exploit vulnerabilities beyond demonstrating the issue

I will not pursue legal action against researchers who follow these guidelines.

Acknowledgments

I'd like to thank the following security researchers for responsibly disclosing vulnerabilities:

No vulnerabilities have been reported yet.

Policy Updates

This policy may be updated from time to time. Please check back periodically for any changes. The security.txt file will always point to the latest version of this policy.

Last updated: November 28, 2025