{"id":13582667,"url":"https://github.com/securitytxt/security-txt","last_synced_at":"2026-02-05T14:02:39.321Z","repository":{"id":41309025,"uuid":"100140356","full_name":"securitytxt/security-txt","owner":"securitytxt","description":"A proposed standard that allows websites to define security policies.","archived":false,"fork":false,"pushed_at":"2022-12-09T14:58:11.000Z","size":554,"stargazers_count":1829,"open_issues_count":19,"forks_count":76,"subscribers_count":59,"default_branch":"master","last_synced_at":"2025-07-08T09:53:52.335Z","etag":null,"topics":["ietf","ietf-rfcs","infosec","internet-draft","issue-tracker","policy","security","standard"],"latest_commit_sha":null,"homepage":"https://securitytxt.org","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/securitytxt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["securitytxt","EdOverflow"]}},"created_at":"2017-08-12T22:14:46.000Z","updated_at":"2025-07-05T09:02:15.000Z","dependencies_parsed_at":"2023-01-25T22:16:41.530Z","dependency_job_id":null,"html_url":"https://github.com/securitytxt/security-txt","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/securitytxt/security-txt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitytxt%2Fsecurity-txt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitytxt%2Fsecurity-txt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitytxt%2Fsecurity-txt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/repositories/securitytxt%2Fsecurity-txt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/securitytxt","download_url":"https://codeload.github.com/securitytxt/security-txt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitytxt%2Fsecurity-txt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29123582,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T13:58:18.919Z","status":"ssl_error","status_checked_at":"2026-02-05T13:57:56.289Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ietf","ietf-rfcs","infosec","internet-draft","issue-tracker","policy","security","standard"],"created_at":"2024-08-01T15:02:55.477Z","updated_at":"2026-02-05T14:02:39.296Z","avatar_url":"https://github.com/securitytxt.png","language":"HTML","readme":"\u003cp align=\"center\"\u003e\u003cimg src=https://avatars2.githubusercontent.com/u/32488600?s=100\u0026v=4\u003e\u003c/p\u003e\n\nsecurity.txt provides a way for websites to define security policies.\nThe security.txt file sets clear guidelines for security researchers on how to report security issues.\nsecurity.txt is the equivalent of `robots.txt`, but for security issues.\n\n\u003e “ When security vulnerabilities are discovered by researchers, proper 
reporting channels are often lacking.  As a result, vulnerabilities may be left unreported.  This document defines a format (\"security.txt\") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.”\n\n---\n\n# RFC and Extensions Registry\nThe definitive reference on security.txt and how it is used can be found in\n[RFC 9116](https://www.rfc-editor.org/info/rfc9116).\n\nExtensions to security.txt can be found in\n[an IANA registry](https://www.iana.org/assignments/security-txt-fields/security-txt-fields.xhtml#security-txt-fields)\n\n# Website\nProject website: https://securitytxt.org/ (https://github.com/securitytxt/securitytxt.org)\n\n# Security.txt GitHub Organization\n\nhttps://github.com/securitytxt/\n\n# Frequently asked questions\n\n**What is the main purpose of security.txt?**\n\nThe main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. 
Thanks to security.txt, security researchers can easily get in touch with companies about security issues.\n\n**Is security.txt an [RFC](https://en.wikipedia.org/wiki/Request_for_Comments)?**\n\nYes, it was published by the IETF as [RFC 9116](https://www.rfc-editor.org/info/rfc9116).\nThere is also [a related IANA registry](https://www.iana.org/assignments/security-txt-fields/security-txt-fields.xhtml#security-txt-fields).\n\nInformation about previous drafts can be found in the \"archived\" folder and\nat [the IETF's Datatracker website](https://datatracker.ietf.org/doc/rfc9116/).\n\n**Where should I put the security.txt file?**\n\nFor websites, the security.txt file should be placed under the `/.well-known/` path\n(`/.well-known/security.txt`) [[\u003cabbr title=\"Request For Comments\"\u003eRFC\u003c/abbr\u003e 8615](https://tools.ietf.org/html/rfc8615)].\nIt can also be placed in the root directory (`/security.txt`) of a website, especially\nif the `/.well-known/` directory cannot be used for technical reasons, or simply as a fallback.\nPlease consult [section 3 of RFC 9116 for details](https://www.rfc-editor.org/rfc/rfc9116.html#name-location-of-the-securitytxt).\n\n**Are there any settings I should apply to the file?**\n\nThe security.txt file should have an Internet Media Type of `text/plain` and must be served over HTTPS.\n\n**Will adding an email address expose me to spam bots?**\n\nThe email value is an optional field. If you are worried about spam, you can set a URI as the value and link to your security policy.\n\n# Code of conduct\n\nTo maintain an orderly, productive, and fun environment, the _security.txt_ project has a few guidelines that we ask people to adhere to when contributing to the project. These guidelines apply equally to everyone within the _security.txt_ project. Likewise, they apply to all spaces managed by the _security.txt_ project, both online and offline. 
This includes GitHub repositories, chat rooms, in-person events, and any other communication channels.\n\n- Be welcoming, friendly, patient, and kind.\n- Be respectful.\n- Be cautious with how you word things. Our goal is to remain professional.\n- When we disagree, try to understand why.\n- Direct contributions to the specification will only be accepted from individuals \u003csup\u003e[[1]](https://en.oxforddictionaries.com/definition/individual)\u003c/sup\u003e. The _security.txt_ project will not accept contributions to the specification in the name of an organisation. This is to ensure that the specifications and tools remain as neutral as possible.\n- Registering an account on any service in the name of the _security.txt_ project must be clearly communicated via the team first.\n\n# Contributing\n\nContributions from the public are welcome.\n\n### Using the issue tracker 💡\n\nThe issue tracker is the preferred channel for bug reports and feature requests. [![GitHub issues](https://img.shields.io/github/issues/securitytxt/security-txt.svg?style=flat-square)](https://github.com/securitytxt/security-txt/issues)\n\n### Issues and labels 🏷\n\nThe bug tracker utilizes several labels to help organize and identify issues.\n\n### Guidelines for bug reports 🐛\n\nUse the GitHub issue search — check if the issue has already been reported.\n","funding_links":["https://github.com/sponsors/securitytxt","https://github.com/sponsors/EdOverflow"],"categories":["HTML","HTML (17)","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","HTML (177)","Hardening"],"sub_categories":["Ghidra"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecuritytxt%2Fsecurity-txt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecuritytxt%2Fsecurity-txt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecuritytxt%2Fsecurity-txt/lists"}