I’ve discovered an interesting feature. If someone finds a security issue on my website, there is no way to tell him the procedure to contact me. Or so it was the case: if I write a file called security.txt according to RFC 9116 and drop it in the .well-known folder, everyone now knows how to contact me for security purposes.
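As an added example (not code from this post, the RFC authors or their generator), here is a small Python check of a security.txt against the RFC 9116 rules for the required `Contact` and `Expires` fields. The sample file, the example.com addresses and the function names are assumptions made for illustration.

```python
from datetime import datetime, timezone
# Constructed sample; the example.com addresses are placeholders.
SAMPLE = """\
# Served from https://example.com/.well-known/security.txt
Contact: mailto:security@example.com
Contact: https://example.com/report
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en, fr
"""
ONCE_ONLY = ("expires", "preferred-languages")
URI_FIELDS = ("contact", "acknowledgments", "canonical", "encryption", "hiring", "policy")

def parse(text):
    """Return (fields, errors); fields maps lowercased names to value lists."""
    fields, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            errors.append(f"line {n}: expected 'Name: value'")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields, errors

def validate(text, now=None):
    """Return a list of problems; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    fields, errors = parse(text)
    for name in ("contact", "expires"):
        if name not in fields:
            errors.append(f"missing required field: {name}")
    for name in ONCE_ONLY:
        if len(fields.get(name, [])) > 1:
            errors.append(f"{name} must not appear more than once")
    for name in URI_FIELDS:
        for value in fields.get(name, []):
            if value.lower().startswith("http://"):
                errors.append(f"{name}: web URIs must start with https://")
            elif ":" not in value:
                errors.append(f"{name}: not a URI (expected mailto:, tel: or https://)")
    for value in fields.get("expires", [])[:1]:
        try:
            if datetime.fromisoformat(value.replace("Z", "+00:00")) <= now:
                errors.append("expires: date is in the past, file is stale")
        except (ValueError, TypeError):  # unparsable, or no UTC offset
            errors.append("expires: not an RFC 3339 timestamp with offset")
    return errors
```

Calling `validate(SAMPLE)` returns an empty list while the `Expires` date is still in the future, so the same check can run on a schedule to catch a file that has gone stale.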

The authors of this RFC have a website to explain the concept and generate the file:



2023-10-29 14:42 +0100