security.txt – A proposed standard for defining security policies

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

  • Larger Font Styles

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)



Active member
Oct 25, 2020
So, I stumbled into this neat idea on /r/programming today :D

The idea is to create this standard where websites publish a simple text file under the URI /.well-known/security.txt with links to the company's security policy, specialized contact information, GPG keys for secure communication, etc. This can be used by security researchers and bounty hunters to reach official contacts about vulnerabilities on the website.