User:Amalmurali47/sandbox

security.txt is a text file that websites use to tell security researchers how to report security vulnerabilities. security.txt files are placed under the /.well-known/ path or in the top-level directory of a website; e.g. https://example.com/.well-known/security.txt or https://example.com/security.txt.

History
The Internet Draft was first submitted by Edwin Foudil in September 2017. Yakov Shafranovich is the co-author of the draft as of version 02.

As of February 2018, both Google and Facebook serve a security.txt file.

File structure
The file consists of 7 directives:


 * Contact: A link or e-mail address for people to contact the website owner about security issues.
 * Encryption: A link to an encryption key belonging to the website owner.
 * Acknowledgments: A link to a web page where security researchers are recognized for their contributions.
 * Preferred-Languages: A comma-separated list of language codes that the security team speaks.
 * Canonical: The most common URL for accessing your security.txt file. This directive is used when digitally signing a security.txt file.
 * Policy: A link to a policy detailing what security researchers should do when searching for or reporting security issues.
 * Hiring: A link to any security-related job openings in an organization.

Contact: security@example.com
# Our security address

Encryption: https://example.com/pgp-key.txt
# Our PGP key

Policy: https://example.com/security-policy.html
# Our security policy

Acknowledgments: https://example.com/hall-of-fame.html
# Our security acknowledgements page

Signature: https://example.com/.well-known/security.txt.sig
# Verify this security.txt file
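
The following parser is an added example, not part of the original page or of the Internet Draft. It checks a security.txt file against the seven directives listed under "File structure" and reports lines that do not match. Treating lines that start with # as comments and matching directive names case-insensitively are assumptions, and the sample input is constructed.

```python
# The seven directives listed on this page, lower-cased for comparison.
KNOWN_DIRECTIVES = {
    "contact", "encryption", "acknowledgments", "preferred-languages",
    "canonical", "policy", "hiring",
}


def parse_security_txt(text):
    """Parse security.txt text into (fields, problems).

    fields: directive name (lower-cased) -> list of values, in file order.
    problems: (line_number, message) tuples for lines that need attention.
    """
    fields, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (assumed comment syntax)
        # Split on the first colon only, so URL values keep their "https:".
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name or not value:
            problems.append((lineno, "not a 'Name: value' line"))
            continue
        if name not in KNOWN_DIRECTIVES:
            problems.append((lineno, f"unknown directive '{name}'"))
            continue
        if name == "preferred-languages":
            # Comma-separated list of language codes.
            codes = [c.strip() for c in value.split(",") if c.strip()]
            fields.setdefault(name, []).extend(codes)
        else:
            fields.setdefault(name, []).append(value)
    return fields, problems


# Constructed sample input (not a real site's file).
SAMPLE = """\
# Our security address
Contact: security@example.com
Contact: https://example.com/report
Preferred-Languages: en, fr
Acknowledgement: https://example.com/hall-of-fame.html
Hiring:
"""

if __name__ == "__main__":
    parsed, issues = parse_security_txt(SAMPLE)
    print(parsed)
    for lineno, message in issues:
        print(f"line {lineno}: {message}")
```

A misspelled directive name such as the one on line 5 of the sample is reported rather than silently dropped, which is the check worth running before publishing the file.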