
Get alerted to a security breach faster with security.txt

Ethical hackers are constantly scanning the Internet for security vulnerabilities. However, it is often not clear who within an organization they should inform when they find one. To simplify this, there is a new Internet standard that allows institutions to be informed more quickly: security.txt.

What is security.txt?

Security.txt is a standardized text file with contact information that you place on your web server. With this information, security researchers can directly contact the appropriate department or person within your organization about vulnerabilities they find in your website or IT systems. This allows you as an institution to fix the vulnerabilities found more quickly, giving malicious parties less opportunity to exploit them. See SURF's security.txt example.

Security.txt added as standard to 

Security.txt has been added as a new test component to - an initiative of the Internet Standards Platform in which SURF is one of the participating parties. This site tests whether your website, mail or Internet connection uses modern Internet standards. The test checks whether the security.txt file is present on the domain name under test and whether the information included has the correct format.
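
The kind of format check described above can be reproduced locally before publishing a file. The following is an added example, not code from the test site or from SURF: it applies the rules of RFC 9116 (the security.txt specification), namely that Contact and Expires are required, Expires and Preferred-Languages may appear only once, and web contact addresses must use https. The function name and the sample files are constructed for illustration; fetching the file from /.well-known/security.txt is left out so the check runs offline.

```python
from datetime import datetime, timezone

# Field names defined in RFC 9116 (matched case-insensitively).
KNOWN = {"acknowledgments", "canonical", "contact", "encryption",
         "expires", "hiring", "policy", "preferred-languages"}
ONCE = ("expires", "preferred-languages")  # allowed at most once


def check_security_txt(text, now=None):
    """Return a list of format problems; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    fields, problems = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # end of the signed content in a cleartext-signed file
        if not line or line.startswith(("#", "-----")):
            continue  # blank line, comment or PGP armor header
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or not value:
            problems.append(f"line {no}: expected 'Name: value'")
        elif name in KNOWN:  # unknown fields are ignored, as the RFC asks
            fields.setdefault(name, []).append(value)
    for name in ONCE:
        if len(fields.get(name, [])) > 1:
            problems.append(f"{name} appears more than once")
    if "contact" not in fields:
        problems.append("required Contact field is missing")
    for value in fields.get("contact", []):
        if ":" not in value:
            problems.append(f"Contact '{value}' is not a URI (use mailto:, tel: or https://)")
        elif value.lower().startswith("http://"):
            problems.append(f"Contact '{value}' must use https://")
    if "expires" not in fields:
        problems.append("required Expires field is missing")
    for value in fields.get("expires", []):
        try:
            when = datetime.fromisoformat(value.upper().replace("Z", "+00:00"))
            if when.tzinfo is None or when <= now:
                problems.append(f"Expires '{value}' lacks a time zone or is in the past")
        except ValueError:
            problems.append(f"Expires '{value}' is not an RFC 3339 date-time")
    return problems


# Constructed sample files (example.org values are placeholders).
GOOD = "Contact: mailto:security@example.org\nExpires: 2999-01-01T00:00:00Z\n"
BAD = "Contact: security@example.org\nExpires: 2020-01-01T00:00:00Z\n"
```

A bare e-mail address in Contact and an Expires date that has already passed, both shown in the `BAD` sample, are each reported as a problem.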

For more information about security.txt and how to implement it, visit