.well-known security.txt

Does Your Organization Have a Security.txt File?

Krebs on Security

In a bid to minimize these scenarios, a growing number of major companies are adopting “Security.txt,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences. An example of a security.txt file. well-known/security.txt.

Malwarebytes' modernized bug bounty program—here's all you need to know

Malwarebytes

This change has improved our response efficiency to two days, and we’re working on getting that even lower: security.txt. To make it easier to submit security vulnerabilities online, we now use the security.txt file standard defined by RFC 9116. well-known/security.txt. For example: [link].

The State of Data Breaches

Troy Hunt

And that's the problem: a data breach circulating broadly on a popular clear web hacking forum doesn't mean the incident is known by the corporate victim. The breach is known, it's been reported in the public domain, but good luck ever getting an email about it yourself. Shame on me for that, but is it any wonder?

Streamlining Data Breach Disclosures: A Step-by-Step Process

Troy Hunt

In that post, I spoke about people giving up when it gets too hard: Many well-intentioned people simply give up and don't report serious security incidents when the effort is too high or the risk is too great. They may adhere to a convention or be published elsewhere on their website: Look for a security.txt file at /.well-known/security.txt

Zyxel Fixes 0day in Network Storage Devices

Krebs on Security

Holden said the seller of the exploit code — a ne’er-do-well who goes by the nickname “500mhz” – is known for being reliable and thorough in his sales of 0day exploits (a.k.a. A snippet from the documentation provided by 500mhz for the Zyxel 0day. EMOTET GOES IOT?
