Security.txt aims to bring order to the chaos of responsible disclosure
As of this month, security.txt is a step closer to becoming a new internet standard. With such a file on a server, security researchers can report vulnerabilities more easily, but what is the added value of that? Its creator discovered for himself how annoying it is when the file is missing.
There is hardly a shortage of responsible disclosure policies these days. A growing number of websites, companies and services now have some means of reporting a vulnerability in a responsible manner. But exactly that ‘some means’ is starting to become a problem, some security researchers think. That is why they have created security.txt, which should bring more uniformity to security research. As of this month, security.txt is a proposed internet standard.