security.txt

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

security.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities.[1][2] The standard prescribes a text file called "security.txt" that is similar to robots.txt but intended to be read by humans wishing to contact a website's owner about security issues.[3]

History[edit]

The Internet Draft was first submitted by Edwin Foudil in September 2017.[1] At that time it covered four directives, "Contact", "Encryption", "Disclosure" and "Acknowledgement". Foudil expected to add further directives based on feedback.[2]. At that time, web security expert Scott Helme said he had seen positive feedback from the security community while use among the top 1 million websites was "as low as expected right now".[1]

See also[edit]

References[edit]

  1. ^ a b c at 13:47, John Leyden 3 Jan 2018. "Bug-finders' scheme: Tick-tock, this tech's tested by flaws.. but who the heck do you tell?". www.theregister.co.uk. Retrieved 2019-04-14.
  2. ^ a b "Security.txt Standard Proposed, Similar to Robots.txt". BleepingComputer. Retrieved 2019-04-14.
  3. ^ "The Telltale Text File: Security Researcher Proposes Standard for Reporting Vulnerabilities". Security Intelligence. Retrieved 2019-04-14.

External links[edit]