So, I stumbled into this neat idea on /r/programming today
The idea is to create this standard where websites publish a simple text file under the URI /.well-known/security.txt with links to the company's security policy, specialized contact information, GPG keys for secure communication, etc. This can be used by security researchers and bounty hunters to reach official contacts about vulnerabilities on the website.
security.txt: Proposed standard for defining security policies
A proposed standard that allows websites to define security policies.
securitytxt.org
The idea is to create this standard where websites publish a simple text file under the URI /.well-known/security.txt with links to the company's security policy, specialized contact information, GPG keys for secure communication, etc. This can be used by security researchers and bounty hunters to reach official contacts about vulnerabilities on the website.