Tips welcome: security.txt as an invitation to vulnerability finders

Well-known companies and platforms such as Facebook, Google or LinkedIn, as well as US government agencies and public institutions, keep a file called security.txt on their web servers. Consisting of a few short lines of text, it opens a door for security researchers and can at the same time help to quickly put a stop to threats.

security.txt is a project launched in 2017 that aims to make it easier to get in touch when vulnerabilities are found, by means of a uniform format and storage location and mandatory entries for the important information. At the same time, a well-maintained security.txt sends a positive and important signal: “We welcome your tips – don’t be afraid to share your discoveries with us immediately and directly”.

This article explains the background and syntax of the proposed Internet standard. It explains how, as a company or private individual, you can create your own security.txt file with little effort. Security researchers learn where to find the file and what to do with the information it contains.
