Security.txt: enhancing your website’s security
With the digital landscape changing rapidly, securing your online assets is extremely important. The publication of RFC 9116 in April 2022 is an important step forward. This proposal, known as security.txt, gives website owners and organizations a standardized way to publish their vulnerability disclosure policies and contact details.
Understanding security.txt: what it is and how it works
In short, security.txt is a file written in a simple text format that both machines and humans can read. Easy to create and publish, the file gives an organization a clear format for communicating its current vulnerability policies. On top of that, security.txt also lets the organization share its contact information with security researchers and ethical hackers.
The widespread adoption of security.txt benefits both individual organizations and the safety of the Internet at large. Increased adoption of security.txt is expected to encourage reporting and therefore reduce the number of incidents.
The creation and publication of a security.txt file is a simple process and an easily accessible security measure for all organizations. The format of the file consists only of a series of text lines. Each of these lines contains a field name and a field value. The file is always published at the following address: https://yourdomain.com/.well-known/security.txt. You can easily generate your own security.txt file at securitytxt.org.
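The following Python example is added here and is not code from Openprovider or securitytxt.org. It parses the field-name and field-value lines described above and checks rules that RFC 9116 sets: Contact is required, Expires must appear exactly once and lie in the future, and web URIs must use https. The example.com values are constructed samples.

```python
from datetime import datetime, timezone

# RFC 9116 fields whose values are URIs (names are case-insensitive).
URI_FIELDS = {"acknowledgments", "canonical", "contact", "encryption", "hiring", "policy"}
# Constructed sample files for illustration (example.com is a placeholder).
SAMPLE_OK = """# Constructed sample
Contact: mailto:security@example.com
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en, nl
"""
SAMPLE_BAD = """Contact: http://example.com/report
Expires: 2020-01-01T00:00:00Z
"""

def parse(text):
    """Return (name, value) pairs, skipping blank lines and # comments."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields

def validate(text, now=None):
    """Return a list of problems; an empty list means the file passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse(text)
    names = [name for name, _ in fields]
    problems = []
    if "contact" not in names:
        problems.append("missing required Contact field")
    if names.count("expires") != 1:
        problems.append("Expires must appear exactly once")
    if names.count("preferred-languages") > 1:
        problems.append("Preferred-Languages may appear at most once")
    for name, value in fields:
        if name in URI_FIELDS and value.lower().startswith("http://"):
            problems.append(f"{name} must use https://, not http://")
        elif name == "expires":
            try:
                when = datetime.fromisoformat(value.replace("Z", "+00:00"))
                if when <= now:
                    problems.append("Expires date is in the past")
            except (ValueError, TypeError):
                problems.append("Expires is not a valid timestamp with a time zone")
    return problems
```

Unrecognized field names are skipped rather than reported, because RFC 9116 allows extension fields. Running `validate` on a schedule against your own published file catches an expired Expires date before researchers stop trusting the file.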
Why utilize security.txt: advantages and impact
The beauty of security.txt lies in its potential to encourage the reporting of vulnerabilities, which will help reduce security incidents. More frequently than ever, security researchers find vulnerabilities in platforms, which could include yours. However, they struggle to inform the asset owner, because there is no adequate contact information or disclosure policy available on the site. By implementing security.txt, organizations alleviate the issue, which in turn improves their online defenses.
By adding a security.txt file to your website, you underscore your company’s commitment to a safer internet of tomorrow. It signals an open, transparent approach to dealing with vulnerabilities and positions your organization as one that can be trusted.
Openprovider and security.txt: embracing the future of online security
At Openprovider, we understand like no other that vulnerabilities are all around us. However, it is our job to stay ahead and up to date. We firmly believe in the potential of security.txt to contribute to a safer internet ecosystem and therefore encourage you, and all domain owners, to implement this simple yet effective tool. You can easily generate your own security.txt file at securitytxt.org and publish it on your website today.
Openprovider has already published a security.txt file on our own website. We hope that more domain owners will follow in our footsteps in the future. If you have any questions or doubts about this, you can find the answers to some frequently asked questions on securitytxt.org.