The main purpose of security.txt is to make it easier for companies and security researchers to work together on securing platforms. Thanks to security.txt, security researchers can quickly find the right way to get in touch with a company about a security issue.
security.txt is currently an Internet-Draft that has been submitted for RFC review. This means that security.txt is still in the early stages of development. We welcome contributions from the public: https://github.com/securitytxt/security-txt
The security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC5785].
The email value is an optional field. If you are worried about spam, you can set a URI as the value and link to your security policy.
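As an added example (not code from the securitytxt.org page or project), the script below parses a small, constructed security.txt file, builds the well-known URL a researcher would fetch, splits the Contact values into email addresses and URIs (the policy-link option mentioned above), and reports the problems a defender would want to fix before publishing. The example.com hostnames are placeholders, and the Expires check follows the later published RFC 9116 text rather than the early draft the page refers to; both are assumptions of this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from urllib.parse import urlparse

# Path from RFC 5785 and the security.txt draft: the file lives under /.well-known/.
WELL_KNOWN_PATH = "/.well-known/security.txt"

# Constructed sample file for this example; example.com is a placeholder, not a real deployment.
SAMPLE = """\
# Constructed security.txt for demonstration
Contact: mailto:security@example.com
Contact: https://example.com/security-policy
Expires: 2030-12-31T23:59:00+00:00
Policy: https://example.com/security-policy
Preferred-Languages: en, de
"""


@dataclass
class SecurityTxt:
    # field name (lower-cased) -> values in file order; a field may repeat
    fields: dict = field(default_factory=dict)
    problems: list = field(default_factory=list)


def well_known_url(origin: str) -> str:
    """Build the URL a researcher would fetch for a given site origin."""
    return origin.rstrip("/") + WELL_KNOWN_PATH


def parse_security_txt(text: str) -> SecurityTxt:
    """Parse 'Field: value' lines; '#' lines are comments, blank lines are ignored."""
    result = SecurityTxt()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name or not value:
            result.problems.append(f"line {lineno}: expected 'Field: value'")
            continue
        result.fields.setdefault(name, []).append(value)
    return result


def contact_kinds(parsed: SecurityTxt) -> dict:
    """Split Contact values into email addresses and other URIs (policy pages, etc.)."""
    kinds = {"email": [], "uri": []}
    for contact in parsed.fields.get("contact", []):
        scheme = urlparse(contact).scheme.lower()
        kinds["email" if scheme == "mailto" else "uri"].append(contact)
    return kinds


def check(parsed: SecurityTxt, now_iso: str = None) -> list:
    """Return findings a defender would want to fix; an empty list means the file is usable.

    now_iso lets a caller pin 'now' to an ISO 8601 timestamp for repeatable checks.
    """
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    findings = list(parsed.problems)
    contacts = parsed.fields.get("contact", [])
    if not contacts:
        findings.append("no Contact field: researchers have no way to reach you")
    for contact in contacts:
        scheme = urlparse(contact).scheme.lower()
        if scheme not in ("mailto", "https", "tel"):
            findings.append(f"Contact should be a mailto:, https: or tel: URI: {contact}")
    # Expires comes from RFC 9116 (assumption: later than the draft the page cites);
    # a stale file sends reports to a mailbox nobody reads any more.
    expires = parsed.fields.get("expires", [])
    if len(expires) != 1:
        findings.append("exactly one Expires field expected")
    else:
        try:
            when = datetime.fromisoformat(expires[0])
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            if when <= now:
                findings.append(f"file expired on {expires[0]}")
        except ValueError:
            findings.append(f"Expires is not an ISO 8601 timestamp: {expires[0]}")
    return findings


if __name__ == "__main__":
    parsed = parse_security_txt(SAMPLE)
    print(well_known_url("https://example.com"))
    print(contact_kinds(parsed))
    print(check(parsed) or "no findings")
```

Running the script prints the well-known URL, the contact split, and either the findings or "no findings". The checks are deliberately conservative: a plain `http:` Contact URI and a missing or past Expires both count as findings, because either one means a researcher's report may never reach anyone.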
There are lots of tools and projects that make setting up and maintaining security.txt files really simple.
Donations will be used to pay bug bounties to individuals who report valid security vulnerabilities in the security.txt project, and to cover the hosting costs.