security.txt
A Method for Web Security Policies | |
![]() Example security.txt file | |
Status | Published |
---|---|
Year started | 2017 |
First published | September 2017 |
Latest version | 07 July 2019 |
Authors | Edwin Foudil |
Website | securitytxt |
security.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities.[1][2] The standard prescribes a text file called "security.txt" that is similar to robots.txt but intended to be read by humans wishing to contact a website's owner about security issues.[3]
History
The Internet Draft was first submitted by Edwin Foudil in September 2017.[1] At that time it covered four directives, "Contact", "Encryption", "Disclosure" and "Acknowledgement". Foudil expected to add further directives based on feedback.[2] At that time, web security expert Scott Helme said he had seen positive feedback from the security community while use among the top 1 million websites was "as low as expected right now".[1]
See also
References
- ^ a b c at 13:47, John Leyden 3 Jan 2018. "Bug-finders' scheme: Tick-tock, this tech's tested by flaws.. but who the heck do you tell?". www.theregister.co.uk. Retrieved 2019-04-14.
{{cite web}}
: CS1 maint: numeric names: authors list (link) - ^ a b "Security.txt Standard Proposed, Similar to Robots.txt". BleepingComputer. Retrieved 2019-04-14.
- ^ "The Telltale Text File: Security Researcher Proposes Standard for Reporting Vulnerabilities". Security Intelligence. Retrieved 2019-04-14.