Slashdot Mirror


Security.txt Standard Proposed, Similar To Robots.txt (bleepingcomputer.com)

An anonymous reader writes: Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers...

For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue. According to the current security.txt IETF draft, website owners would be able to create security.txt files that look like this:

#This is a comment
Contact: security@example.com
Contact: +1-201-555-0123
Contact: https://example.com/security
Encryption: https://example.com/pgp-key.tx...
Acknowledgement: https://example.com/acknowledg...
Disclosure: Full
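A small parser and checker for the file format the post describes, using only the four field names shown in the draft excerpt (Contact, Encryption, Acknowledgement, Disclosure). This is example code added here, not code from the IETF draft or from the article; the sample file is constructed for the example, with the Encryption link deliberately given as plain http so the check has something to flag, since a PGP key fetched over an unauthenticated channel could be swapped in transit.

```python
"""Parse and sanity-check a security.txt file (example added to this page;
field names follow the draft excerpt quoted above, everything else is an
assumption of this example)."""
import re
from urllib.parse import urlparse

# Constructed sample modelled on the post's example. The URLs are placeholders;
# the Encryption link is intentionally http:// so the check below fires.
SAMPLE = """\
#This is a comment
Contact: security@example.com
Contact: +1-201-555-0123
Contact: https://example.com/security
Encryption: http://example.com/pgp-key.txt
Acknowledgement: https://example.com/acknowledgements
Disclosure: Full
"""

KNOWN_FIELDS = {"Contact", "Encryption", "Acknowledgement", "Disclosure"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?[0-9][0-9\-\s().]{5,}$")


def _is_https(value):
    """True only for an absolute URL with the https scheme and a host."""
    p = urlparse(value)
    return p.scheme == "https" and bool(p.netloc)


def parse_security_txt(text):
    """Return (fields, warnings). fields maps each field name to its values in
    file order; comment lines (#...) and blank lines are skipped. Splitting on
    the first ':' only keeps values such as https://... and +1-201-... intact."""
    fields = {}
    warnings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            warnings.append(f"line {lineno}: not a 'Field: value' line")
            continue
        name, value = (part.strip() for part in line.split(":", 1))
        if name not in KNOWN_FIELDS:
            warnings.append(f"line {lineno}: unknown field {name!r}")
        fields.setdefault(name, []).append(value)
    return fields, warnings


def check_security_txt(text):
    """Parse, then apply the checks a site owner would want before publishing:
    at least one Contact, each Contact in a recognisable form (e-mail, phone
    or https URL), every Encryption/Acknowledgement link served over https,
    and Disclosure stated at most once. Returns (fields, problems)."""
    fields, problems = parse_security_txt(text)
    contacts = fields.get("Contact", [])
    if not contacts:
        problems.append("no Contact field: researchers have nowhere to report")
    for contact in contacts:
        if not (EMAIL_RE.match(contact) or PHONE_RE.match(contact)
                or _is_https(contact)):
            problems.append(
                f"Contact {contact!r} is not an e-mail, phone number or https URL")
    for name in ("Encryption", "Acknowledgement"):
        for url in fields.get(name, []):
            if not _is_https(url):
                problems.append(f"{name} link {url!r} is not served over https")
    if len(fields.get("Disclosure", [])) > 1:
        problems.append("Disclosure given more than once")
    return fields, problems


if __name__ == "__main__":
    parsed, issues = check_security_txt(SAMPLE)
    for field, values in parsed.items():
        print(f"{field}: {values}")
    for issue in issues:
        print("PROBLEM:", issue)
```

Run against the constructed sample it reports exactly one problem, the plain-http Encryption link; switching that link to https yields a clean result. The parser deliberately records unknown field names as warnings rather than rejecting them, since a future draft may add fields and a checker should not break on them.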

5 of 86 comments

  1. Example by Artem S. Tashkinov · Score: 2, Funny

    The example.com domain is getting abused again and again. I almost pity its owners.

  2. Re:Spam! by Anonymous Coward · Score: 5, Funny

    No, the security.txt file will be excluded from crawling via the robots.txt file

  3. Rewolve? by glitch! · Score: 3, Funny

    ...who should be competent enough to get the information to a qualified person to rewolve the issue.

    Thanks for mentioning that. I totally missed the lycanthropy part.

    --
    A dingo ate my sig...
  4. Re:Spam! by fahrbot-bot · Score: 3, Funny

    Yay! Zillions of more juicy Email addresses and phone numbers to collect and spam! Robots will sweep up all that data and hammer the "contacts" to death.

    Just exclude the "security.txt" file in the "robots.txt" file - problem solved. :-)

    --
    It must have been something you assimilated. . . .
  5. Re:Spam! by jmccue · Score: 5, Funny

    For US sites, how about adding the Admin's SSN, their address and their Mother's Maiden names? That way we can really know the file is genuine