18
10 Comments

Add a security.txt file to your website

Looks like the Dutch government has recently mandated usage of security.txt on public service websites through their “Comply or Explain Policy”. Very cool. Having a security.txt file gives security researchers, or generally anyone on the internet, a reliable way to get in contact with you if they find a security vulnerability on your website. We’ve recommended the same thing along with having a dedicated security@ email alias on our blog post Fixing vulnerabilities and getting the occasional white hat helper.

Blog post - https://kinde.com/blog/security/fixing-vulnerabilities-and-getting-the-occasional-white-hat-helper/

SecurityTXT - https://securitytxt.org/

Dutch press - https://www.digitaltrustcenter.nl/nieuws/securitytxt-verplicht-voor-overheid

  1. 4

    Really helpful! Thanks for the info @alexander748923

  2. 2

    Very helpful! Also found another example in the wild: Supabase website has security.txt too

  3. 2

    Thanks for sharing. I am also facing the same problem on my client's site. Now resolved the error after reading this articles

  4. 2

    Do you think this should be a standard for all websites? Or just a certain type/scale of site?

    1. 1

      its for all websites. i tested it personally on my site

    2. 1

      @Crumb4059 I think everyone of any size. Anyone's website can have a vulnerability and you'd rather be told about it by someone friendly. Setting up a security.txt file is quick and simple. When you start getting larger or start working with more sensitive data, then you can move to bigger things like a bug bounty program.

  5. 2

    This is really cool, and I'm going to do the same!
    Thanks for sharing!

  6. 1

    Facing same problem again

  7. 1

    I had it a while ago on webtoapp.design. I removed it again though because I kept getting spam and since then everything is back to normal.

    1. 1

      Reminded me on an older article also discussing the level of spam that this could cause and probably something I should have highlighted.

      https://krebsonsecurity.com/2021/09/does-your-organization-have-a-security-txt-file/

Trending on Indie Hackers
How I grew a side project to 100k Unique Visitors in 7 days with 0 audience 49 comments Competing with Product Hunt: a month later 33 comments Why do you hate marketing? 29 comments My Top 20 Free Tools That I Use Everyday as an Indie Hacker 17 comments $15k revenues in <4 months as a solopreneur 14 comments Use Your Product 13 comments