What is a security.txt file?
“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”
security.txt files have been implemented by Google, Facebook, GitHub, the UK government, and many other organisations. In addition, the UK’s Ministry of Justice, the Cybersecurity and Infrastructure Security Agency (US), the French government, the Italian government, and the Australian Cyber Security Centre endorse the use of security.txt files.
Find out much more about the security.txt file and how you or your organization can implement one by visiting the https://securitytxt.org/ website.