Looks like the Dutch government has recently mandated usage of security.txt on public service websites through their “Comply or Explain Policy”. Very cool. Having a security.txt file gives security researchers, or generally anyone on the internet, a reliable way to get in contact with you if they find a security vulnerability on your website. We’ve recommended the same thing along with having a dedicated security@ email alias on our blog post Fixing vulnerabilities and getting the occasional white hat helper.
SecurityTXT - https://securitytxt.org/