#Cloudflare Advocates for Broader Adoption of #securitytxt Standard for Vulnerability Reporting
When ethical hackers find a security vulnerability in your corporate network, you want to know about it right away. Who can they report it to?
That is what security.txt is for: a simple text file on your web server with the contact details of the person responsible for your IT.
A security.txt WordPress plugin has now also been made available for end users and registrars.
More about security.txt
https://www.digitaltrustcenter.nl/securitytxt
More about the WordPress plugin
https://www.verenigingvanregistrars.nl/nieuws/update-security-txt/
Friends of #InfoSec, I would like some help! I would like to see your security.txt's!
I am working with a lot of really small companies that will benefit from a good security.txt, and if any group of people has good ones, I know it's gonna be here!
I already use and share https://securitytxt.org/ as well as the RFC https://www.rfc-editor.org/rfc/rfc9116
If you are a PenTester/Researcher, you should get a say too! What do you want in a security.txt file? What other updates should small orgs be adding to help you help us?
Sound familiar? You report a problem, but get sent from pillar to post. Security researchers and ethical hackers experience this every day. Fortunately, there is a solution: security.txt!
Security.txt ensures that security reports always reach the right person. Want to know how you can protect your website better with it? Read our latest blog on bit.nl
https://www.bit.nl/news/3560/293/Waarom-iedere-website-een-security.txt-nodig-heeft
@neil Yes, as anyone should! I’ve written about it, convinced a vendor to create one, and even made a #PowerShell module to fetch and parse them: https://github.com/rhymeswithmogul/SecurityTxtToolkit #SecurityTxt
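As an added example (not the PowerShell module linked above and not any poster's code), here is the parse-and-check step in Python following RFC 9116's field rules: Contact and Expires are required, Expires and Preferred-Languages may appear at most once, Contact values are URIs, and a PGP cleartext signature is skipped rather than parsed as fields. The sample file and the fixed clock are constructed for the demonstration.

```python
from datetime import datetime, timedelta, timezone

def parse_security_txt(body: str) -> dict[str, list[str]]:
    """Map field name -> values; skips comments and PGP cleartext-signature armor."""
    fields: dict[str, list[str]] = {}
    armor = False  # inside the "Hash: ..." header of a PGP cleartext signature
    for raw in body.splitlines():
        line = raw.strip()
        if line == "-----BEGIN PGP SIGNATURE-----":
            break  # the rest is the signature block, not fields
        if line == "-----BEGIN PGP SIGNED MESSAGE-----" or armor:
            armor = bool(line)  # header lines run until the first blank line
            continue
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank, comment, or not a "Name: value" line
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields

def check_security_txt(body: str, now: datetime) -> list[str]:
    """List RFC 9116 problems found; an empty list means the file passes."""
    fields, problems = parse_security_txt(body), []
    contacts = fields.get("Contact", [])
    if not contacts:
        problems.append("missing required Contact field")
    problems += [f"Contact is not a mailto:/tel:/https: URI: {c}"
                 for c in contacts if not c.startswith(("mailto:", "tel:", "https://"))]
    problems += [f"{n} must appear at most once"
                 for n in ("Expires", "Preferred-Languages") if len(fields.get(n, [])) > 1]
    expires = fields.get("Expires", [])
    if not expires:
        problems.append("missing required Expires field")
    elif len(expires) == 1:
        try:  # RFC 3339 timestamp; "Z" rewritten for Pythons older than 3.11
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {expires[0]}")
        else:
            if when.tzinfo is None:
                problems.append("Expires lacks a timezone offset")
            elif when <= now:
                problems.append("file has expired; its contacts may be stale")
            elif when > now + timedelta(days=365):
                problems.append("Expires is over a year away (RFC 9116 advises less)")
    return problems

# Constructed sample (not any real organisation's file) and a fixed clock for repeatable checks
SAMPLE = "Contact: mailto:security@example.com\nExpires: 2025-12-31T23:59:59Z\n"
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
```

Fetch the body from /.well-known/security.txt first and fall back to /security.txt only as the legacy location; the checker deliberately takes the text rather than a URL so it can be run over files collected in bulk.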
As a maintainer of open-source software, I want to provide ways to disclose vulnerabilities. I already have a SECURITY.md in all my repositories on GitHub. There is a copy of it on my website (https://cj.rs/open-source/docs/security/), because my website hosts homepages for my projects.
Today, I’ve added a security.txt file (https://securitytxt.org/) in the standard location: https://cj.rs/.well-known/security.txt
Security.txt is a simple text file in which organisations can publish their 'responsible disclosure' policy and contact persons.
The use of #securitytxt will probably be added to the Registrar Scorecard (RSC) from the first half of next year. That means a financial discount will then be given on domain names whose website offers a valid and usable security.txt file.
More information
Does anyone know how to reach a human at #NextDNS? I'm a paying customer, but I'm unable to sign up for their support forums due to an error (yes, they require a *second* login). They also don't have a "security.txt" file that I can use.
They're blocking my domain to tell me they're not blocking my domain. Literally. I've reset all my #DNS caches and even slept for eight hours, to no avail.
I resorted to emailing the owner of the company through the email address on his GitHub profile. It's that mis-managed over there. I think I want my money back.
(Note: I changed Firefox to use Cloudflare's DoH to post this.)
I cannot find a single French #média outlet, large or small, that has a specific means of contact for reporting IT security problems on its website (neither /.well-known/security.txt[1] nor a mention on the contact page or contact form). Rarely, there is a "technical problem" option in the form, but nothing more specific.
@davduf @reflets @mediapart @blast_info @bastamedia @LeMediaTV @lesjoursfr @mdiplo @lemonde
[1] https://securitytxt.org/
Example: https://www.nytimes.com/.well-known/security.txt
@freddy hopefully @mozilla also has a #SecurityTXT file on their site and provides pubkeys to communicate securely...
PS: "Typical Working Hours" is undefined unless you state them and the applicable timezone...
Some people like myself are nocturnal...
A first indication of whether a company, institution, website operator, etc. is interested in responsible disclosure is a security.txt. Usually found under /security.txt or /.well-known/security.txt.
I don't care if your turnover is in the thousands, millions, or billions. Please, put up a #securitytxt
Let us good guys help you out.
Want to be informed of #beveiligingslekken (security vulnerabilities) in your organisation sooner? Use security.txt to get threat information to the right place faster.
Want to know more? You can now learn everything about #securitytxt in 8 minutes at @SIDNlabs.
More about security.txt
https://digitaltrustcenter.nl/securitytxt
Follow SIDN's free microlearning
#Development #Explorations
Do breached sites take security seriously? · Let’s find out if compromised websites have a security.txt file now https://ilo.im/14dnqq
#Security #Website #WebDevelopment #WebDev #Frontend #Backend #HaveIBeenPwned #SecurityHeaders #SecurityTxt
What is security.txt and why should it be on your website? ( https://nfsec.pl/security/6116 ) #security #securitytxt #twittermigration
Are you #CISO, #ISO or simply responsible for IT security in your company? We want to hear from you!
We have reported hundreds of #vulnerabilities to individuals, companies and other organisations over the past few days.
Often we can't find a direct contact on the website. Sending an email to info@example.com tends to send our mail into the ether and we never hear from the company again.
When we inquire about particularly critical cases, we often hear: "Oh, we didn't see that email".
Unfortunately, many companies do not have a "single point of contact" such as a security.txt or bug bounty programme.
Hence our question to you: How would you like us to report vulnerabilities to you?
I have researched RFC 9116 (security.txt) implementation in .fi domains (n=367942) as my 2nd Master's Thesis. Unfortunately it is in Finnish, but it does have an abstract in English & there are deciphering tools like Google Translate. #RFC9116 #securitytxt