
securitytxt / security-txt

A proposed standard that allows websites to define security policies.



Quick Overview

The securitytxt/security-txt repository holds the specification of the security.txt file format, which the IETF later published as RFC 9116. A security.txt file tells security researchers where and how to report vulnerabilities (contact channel, encryption key, disclosure policy), so that organizations describe their disclosure practices in one uniform, machine-discoverable place.

Pros

  • Standardizes security contact information across websites
  • Simplifies the process for security researchers to report vulnerabilities
  • Encourages organizations to be more transparent about their security practices
  • Easy to implement and maintain

Cons

  • Adoption is uneven, so researchers still cannot count on finding one
  • A stale or tampered file sends reports to the wrong place; the mandatory Expires field and the option of signing the file exist to limit this, but only if operators use them
  • It covers contact and disclosure information, not every security policy an organization may have
  • Requires regular updates: once the Expires date passes, the file must be treated as stale

Getting Started

To implement security.txt for your website:

  1. Create a UTF-8 text file named security.txt
  2. Add the mandatory Contact: and Expires: fields (Expires is an RFC 3339 date-time, recommended to be less than a year away), then optional fields such as Encryption:, Policy: and Acknowledgments:
  3. Place the file at /.well-known/security.txt under your web root
  4. Serve it over HTTPS with Content-Type text/plain; charset=utf-8

Example security.txt file:

Contact: mailto:security@example.com
Expires: 2023-12-31T23:59:59+00:00
Encryption: https://example.com/pgp-key.txt
Acknowledgments: https://example.com/hall-of-fame
Policy: https://example.com/security-policy

Keep the information current, renew the Expires date before it passes, and verify that the file is actually reachable at /.well-known/security.txt over HTTPS and served as text/plain.
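As an added example (not code from the securitytxt project), here is a small checker that applies the RFC 9116 rules behind the steps above: Contact and Expires must be present, Expires must be an RFC 3339 date-time that has not passed and should be less than a year away, field values must be URIs with the allowed schemes, and the file must be fetched from /.well-known/security.txt over HTTPS as text/plain; charset=utf-8. The sample files, the fixed clock NOW and the function names are assumptions of the example; a signed file would need its PGP cleartext wrapper removed before parsing.

```python
"""Checker for a security.txt body and for how it was served (added example, not project code)."""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Fields defined in RFC 9116; the IANA registry may add more, so others are reported, not rejected.
KNOWN_FIELDS = {"acknowledgments", "canonical", "contact", "encryption",
                "expires", "hiring", "policy", "preferred-languages"}
SINGLE_VALUED = {"expires", "preferred-languages"}
REQUIRED = ("contact", "expires")
ALLOWED_SCHEMES = {
    "contact": {"https", "mailto", "tel"},
    "encryption": {"https", "dns", "openpgp4fpr"},
    "acknowledgments": {"https"}, "policy": {"https"},
    "hiring": {"https"}, "canonical": {"https"},
}
FIELD_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")
# Fixed clock so the demo is reproducible (an assumption of this example, not of the RFC).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)


def parse_security_txt(text: str) -> dict[str, list[str]]:
    """Map lower-cased field names to their values; '#' comments and blank lines are skipped."""
    fields: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if m is None:
            fields.setdefault("__unparsable__", []).append(line)
            continue
        fields.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return fields


def check_security_txt(text: str, now: datetime = NOW) -> list[str]:
    """Return the problems found in the file body; an empty list means it passes."""
    fields = parse_security_txt(text)
    problems = [f"unparsable line: {line!r}" for line in fields.pop("__unparsable__", [])]
    problems += [f"missing required field {name.title()}" for name in REQUIRED if name not in fields]
    for name, values in fields.items():
        if name not in KNOWN_FIELDS:
            problems.append(f"unknown field {name} (check the IANA registry before relying on it)")
        if name in SINGLE_VALUED and len(values) > 1:
            problems.append(f"{name} must appear only once")
        for value in values:
            if name in ALLOWED_SCHEMES and urlparse(value).scheme.lower() not in ALLOWED_SCHEMES[name]:
                problems.append(f"{name}: {value!r} must be a URI with scheme in {sorted(ALLOWED_SCHEMES[name])}")
    for value in fields.get("expires", []):
        try:
            # RFC 3339 date-time; spell a trailing Z as +00:00 for older Pythons.
            expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires {value!r} is not an RFC 3339 date-time")
            continue
        if expires.tzinfo is None:
            problems.append("Expires must carry a timezone offset")
        elif expires <= now:
            problems.append(f"file expired on {value}; researchers should treat it as stale")
        elif expires - now > timedelta(days=365):
            problems.append("Expires is more than a year out; RFC 9116 recommends less than a year")
    return problems


def check_transport(url: str, content_type: str) -> list[str]:
    """Check where the file was fetched from and the Content-Type it came with."""
    problems = []
    parts = urlparse(url)
    if parts.scheme != "https":
        problems.append("security.txt must be served over HTTPS")
    if parts.path != "/.well-known/security.txt":
        problems.append("expected /.well-known/security.txt (a top-level /security.txt is only a legacy fallback)")
    media, _, params = content_type.partition(";")
    if media.strip().lower() != "text/plain":
        problems.append(f"Content-Type must be text/plain, got {media.strip()!r}")
    if "charset=utf-8" not in params.replace(" ", "").lower():
        problems.append("Content-Type should carry charset=utf-8")
    return problems


# Constructed sample files for the demo (not taken from any real site).
GOOD = """\
# Constructed sample
Contact: mailto:security@example.com
Expires: 2025-06-30T00:00:00.000Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, es
Canonical: https://www.example.com/.well-known/security.txt
"""
BAD = """\
Contact: security@example.com
Contact: http://example.com/report
Expires: 2023-12-31T23:59:59+00:00
Expires: 2024-01-01T00:00:00+00:00
Bounty: https://example.com/bounty
just some text
"""

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, check_security_txt(body) or "OK")
    print(check_transport("http://example.com/security.txt", "text/html"))
```

Run it as a script to see the good sample pass and every defect in the bad sample listed; to check a live site, feed check_security_txt the fetched body and check_transport the final URL and Content-Type header after redirects.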

Fuller example

The same file with Preferred-Languages and Canonical added (Canonical names the URI at which this copy of the file is authoritative):

Contact: mailto:security@example.com
Expires: 2023-12-31T23:59:59.000Z
Encryption: https://example.com/pgp-key.txt
Acknowledgments: https://example.com/hall-of-fame
Preferred-Languages: en, es
Canonical: https://www.example.com/.well-known/security.txt



README

security.txt provides a way for websites to define security policies. The security.txt file sets clear guidelines for security researchers on how to report security issues. security.txt is the equivalent of robots.txt, but for security issues.

“When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a format ("security.txt") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.”


RFC and Extensions Registry

The definitive reference on security.txt and how it is used can be found in RFC 9116.

Extensions to security.txt (additional field names) are recorded in an IANA registry.

Website

Project website: https://securitytxt.org/ (https://github.com/securitytxt/securitytxt.org)

Security.txt GitHub Organization

https://github.com/securitytxt/

Frequently asked questions

What is the main purpose of security.txt?

The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.

Is security.txt an RFC?

Yes, it was published by the IETF as RFC 9116. There is also a related IANA registry.

Information about previous drafts can be found in the "archived" folder and at the IETF's Datatracker website.

Where should I put the security.txt file?

For websites, the security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC8615]. It can also be placed in the root directory (/security.txt) of a website, especially if the /.well-known/ directory cannot be used for technical reasons, or simply as a fallback. Please consult section 3 of RFC 9116 for details.

Are there any settings I should apply to the file?

The security.txt file must be served with an Internet Media Type of text/plain (with the charset parameter set to utf-8) and must be served over HTTPS.

Will adding an email address expose me to spam bots?

The Contact field itself is mandatory, but its value does not have to be an email address. If you are worried about spam, use an https: URI instead, for example a vulnerability-report form or the page that states your security policy and how to reach you.

Code of conduct

To maintain an orderly, productive, and fun environment, the security.txt project has a few guidelines that we ask people to adhere to when they participate in contributing to the project. These guidelines apply equally to everyone within the security.txt project. Likewise, they apply to all spaces managed by the security.txt project, both online and offline. This includes GitHub repositories, chat rooms, in-person events, and any other communication channels.

  • Be welcoming, friendly, patient, and kind.
  • Be respectful.
  • Be cautious with how you word things. Our goal is to remain professional.
  • When we disagree, try to understand why.
  • Direct contributions to the specification will only be accepted from individuals [1]. The security.txt project will not accept contributions to the specification in the name of an organisation. This is to ensure that the specifications and tools remain as neutral as possible.
  • Registering an account on any service in the name of the security.txt project must be clearly communicated via the team first.

Contributing

Contributions from the public are welcome.

Using the issue tracker 💡

The issue tracker (GitHub issues) is the preferred channel for bug reports and feature requests.

Issues and labels 🏷

The bug tracker utilizes several labels to help organize and identify issues.

Guidelines for bug reports 🐛

Use the GitHub issue search — check if the issue has already been reported.