If you discover a security vulnerability in DutyDuke, please report it responsibly.

Email: incident@bitnoise.pl

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 5 business days
• Fix timeline: Depends on severity, typically within 30 days

This policy applies to the latest release of DutyDuke on the main branch.

We follow coordinated disclosure. Please do not publicly disclose vulnerabilities until a fix has been released.