Have you heard of RFC 9116? If not, I understand. I don't really know anything by RFC number either, and that is ok. RFC 9116 is a document published by the Internet Engineering Task Force (IETF) related to vulnerability disclosure. It is important to note that this is not a standard; it is for informational purposes only. So what does it do? The focus of this document is on the security.txt file and its format. Security.txt is a simple text file that helps an organization describe their … [Read more...] about Security.txt for Vulnerability Disclosure
Overview of Web Security Policies
A vulnerability was just identified in your website. How would you know? The process for disclosing a vulnerability to an organization is often very difficult to find. Whether or not you offer any type of bounty for security bugs, it is important that there is a clear path for someone to notify you of a potential concern. Unfortunately, the process is different on every application, and it can be very difficult to locate. For someone who is just trying to help out, it can be very … [Read more...] about Overview of Web Security Policies