Say hello to security.txt
▻https://scotthelme.ghost.io/say-hello-to-security-txt
Security is a difficult process and organisations don’t always get it right, I think everyone can agree on that. What’s important though is that when things inevitably do go wrong, those who want to contact you and let you know there is a problem can do so quickly and easily. This is what security.txt aims to allow.
Responsible Disclosure I’ve been doing security research for a few years now and in that time I’ve had to reach out and contact numerous organisations to let them know they have a serious problem. I’ve found issues in ISP issued hardware like the EE BrightBox router (twice), holiday booking websites like Hotel Hippo and even utility providers like Ecotricity. Bad things happen and organisations need to respond quickly to resolve them but one things that’s always slowed (...)