security.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called "security.txt" that is similar to robots.txt but intended to be read by humans wishing to contact a website's owner about security issues.
The Internet Draft was first submitted by Edwin Foudil in September 2017. At that time it covered four directives, "Contact", "Encryption", "Disclosure" and "Acknowledgement". Foudil expected to add further directives based on feedback.. At that time, web security expert Scott Helme said he had seen positive feedback from the security community while use among the top 1 million websites was "as low as expected right now".
- at 13:47, John Leyden 3 Jan 2018. "Bug-finders' scheme: Tick-tock, this tech's tested by flaws.. but who the heck do you tell?". www.theregister.co.uk. Retrieved 2019-04-14.
- "Security.txt Standard Proposed, Similar to Robots.txt". BleepingComputer. Retrieved 2019-04-14.
- "The Telltale Text File: Security Researcher Proposes Standard for Reporting Vulnerabilities". Security Intelligence. Retrieved 2019-04-14.