Add security.txt file
The IETF released a draft for a standardized file (security.txt
) that contains information on how to disclose security related issues:
“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”
security.txt files have been implemented by Google, Facebook, GitHub, the UK government, and many other organisations. In addition, the UK’s Ministry of Justice, the Cybersecurity and Infrastructure Security Agency (US), the French government, the Italian government, and the Australian Cyber Security Centre endorse the use of security.txt files.
As there is currently no clear indication on QUIQQER websites that we (PCSG) are developing QUIQQER or how to contact us, a security.txt
file should be added.
What do you think about that, @mor & @henbug?
Further information: