The Digital Standard is an ambitious, community-led effort to build a framework to test and rate products and services on the basis of privacy, security, and data practices.
Creative Commons Attribution 4.0 International
Add an indicator and procedure to check for security.txt #187
This check should be in the existing section on Vulnerability disclosure program:
The precise location of this new indicator should be under this Criteria:
Security > Data Security > Vulnerability disclosure program > The company is willing and able to address reports of vulnerabilities.
Indicator: The company publishes a security.txt file in the .well-known directory that contains relevant contact information for security researchers.
Procedure: Check the web site of the company for the presence of a security.txt file.
Procedure: Check the privacy policy, terms of service, or some other legally binding document for information about the location of the security.txt file.
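As an added example (not part of this issue or of the Digital Standard project), a small Python checker for the first procedure: it fetches a site's /.well-known/security.txt over HTTPS and verifies the two fields RFC 9116 requires (Contact as a URI, Expires as a single future timestamp). The embedded sample file and the example.com hostname are constructed.

```python
from datetime import datetime, timezone
from urllib.request import urlopen

CONTACT_SCHEMES = ("mailto:", "tel:", "https://")  # URI forms RFC 9116 allows for Contact

# Constructed sample file (not a real company's security.txt).
SAMPLE = """\
# Constructed example
Contact: mailto:security@example.com
Contact: https://example.com/security-report
Expires: 2030-01-01T00:00:00Z
"""


def fetch_security_txt(host, timeout=10):
    """Download /.well-known/security.txt over HTTPS; return its text, or None if unavailable."""
    try:
        with urlopen(f"https://{host}/.well-known/security.txt", timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except OSError:  # covers HTTPError/URLError: 404, DNS failure, TLS error
        return None


def parse_security_txt(text):
    """Map field name -> list of values, ignoring comment and blank lines."""
    fields = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def check_security_txt(text, now=None):
    """Return per-requirement booleans plus an overall 'passes' flag."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    contacts = fields.get("Contact", [])
    expires = fields.get("Expires", [])
    result = {
        "has_contact": bool(contacts),
        "contact_is_uri": bool(contacts) and all(c.startswith(CONTACT_SCHEMES) for c in contacts),
        "has_expires": len(expires) == 1,  # required, and must not appear more than once
        "not_expired": False,
    }
    if len(expires) == 1:
        try:  # Expires is an ISO 8601 / RFC 3339 timestamp; "Z" is normalised for older Pythons
            result["not_expired"] = datetime.fromisoformat(expires[0].replace("Z", "+00:00")) > now
        except ValueError:
            pass  # malformed timestamp counts as a failed check
    result["passes"] = all(result.values())
    return result
```

Run it against a live site with `check_security_txt(fetch_security_txt("example.com") or "")`; a `None` from the fetch means the file is absent, which is itself the answer to the first procedure.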