Add a security.txt file to your website

Looks like the Dutch government has recently mandated usage of security.txt on public service websites through their “Comply or Explain Policy”. Very cool. Having a security.txt file gives security researchers, or generally anyone on the internet, a reliable way to get in contact with you if they find a security vulnerability on your website. We’ve recommended the same thing along with having a dedicated security@ email alias on our blog post Fixing vulnerabilities and getting the occasional white hat helper.

Blog post - https://kinde.com/blog/security/fixing-vulnerabilities-and-getting-the-occasional-white-hat-helper/

SecurityTXT - https://securitytxt.org/

Dutch press - https://www.digitaltrustcenter.nl/nieuws/securitytxt-verplicht-voor-overheid

  1. 4

    Really helpful! Thanks for the info @alexander748923

  2. 2

    Very helpful! Also found another example in the wild: Supabase website has security.txt too

  3. 2

    Thanks for sharing. I am also facing the same problem on my client's site. Now resolved the error after reading this articles

  4. 2

    Do you think this should be a standard for all websites? Or just a certain type/scale of site?

    1. 1

      its for all websites. i tested it personally on my site

    2. 1

      @Crumb4059 I think everyone of any size. Anyone's website can have a vulnerability and you'd rather be told about it by someone friendly. Setting up a security.txt file is quick and simple. When you start getting larger or start working with more sensitive data, then you can move to bigger things like a bug bounty program.

  5. 2

    This is really cool, and I'm going to do the same!
    Thanks for sharing!

  6. 1

    Facing same problem again

  7. 1

    I had it a while ago on webtoapp.design. I removed it again though because I kept getting spam and since then everything is back to normal.

    1. 1

      Reminded me on an older article also discussing the level of spam that this could cause and probably something I should have highlighted.


Trending on Indie Hackers
10 lessons from reaching $100,000 in 16 months 26 comments Dozens of indie hackers share what their workspaces look like 21 comments From $0 to $22M ARR in 5 years. Here's a peek at Guillaume Moubeche's finances. 18 comments My rollercoaster journey from $0 to $1k/mo, all the way to $30k/mo, and then failure (back to $0/mo) 14 comments Any feedback on my website would be great! We're launching very soon! 14 comments Not sure if i should continue working on my saas idea 12 comments