Security.txt wants to bring order to the chaos of responsible disclosure

As of this month, security.txt is one step closer to becoming a new internet standard. With such a file on a server, security researchers can more easily report vulnerabilities, but what is the added value of that? The maker himself discovered how annoying the lack of it is.

Nowadays there is little shortage of responsible disclosure policy. A growing number of websites, companies and services now have some option to report a vulnerability in a responsible manner. But exactly that ‘something’ is now starting to become a problem, some security researchers think. That is why they created security.txt. This should ensure more uniformity in security research. As of this month, security.txt is a proposed Internet standard.