ministryofjustice / security-guidance

Security guidance from the MOJ Digital & Technology Cybersecurity team
https://ministryofjustice.github.io/security-guidance/

security.txt does not include an Expires field #411

Closed townxelliot closed 1 year ago

townxelliot commented 1 year ago

Team

Make an LPA Live team, OPG

User needs

I expect that the security.txt file provided in security guidance includes an Expires field

So that it complies with the proposed [securitytxt standard](https://securitytxt.org/) for this file.

We redirect our .well-known/security.txt to the security guidance security.txt file. However, this file does not comply with the proposed standard (due to a missing Expires field), and we therefore still get an advisory notice from the Active Cyber Defence Hub about our security.txt file.
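
One way to check a security.txt file for the missing-Expires problem described in this issue, as an added example that is not part of the original thread or the MOJ repository. It applies the Contact and Expires rules from RFC 9116 (the published form of the security.txt proposal); the sample files, the function names and the 366-day threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample files (not the MOJ file): one lacks Expires, one has it.
MISSING_EXPIRES = (
    "# constructed sample\n"
    "Contact: mailto:security@example.org\n"
    "Policy: https://example.org/disclosure-policy\n"
)
WITH_EXPIRES = MISSING_EXPIRES + "Expires: 2030-01-01T00:00:00Z\n"


def parse_fields(text):
    """Map lowercased field names to their values; skip comments and PGP armor."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # nothing after this line is file content
        if not line or line[0] == "#" or line.startswith("-----") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    problems = []
    if not fields.get("contact"):
        problems.append("missing Contact field")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("missing Expires field" if not expires
                        else "Expires appears more than once")
        return problems
    try:
        # fromisoformat() before Python 3.11 rejects a trailing "Z"
        when = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
    except ValueError:
        return problems + ["Expires is not an RFC 3339 date-time"]
    if when.tzinfo is None:
        problems.append("Expires has no time zone offset")
    elif when <= now:
        problems.append("Expires is in the past")
    elif when - now > timedelta(days=366):
        problems.append("Expires is more than a year away (recommended limit)")
    return problems
```

Because a redirected `.well-known/security.txt` inherits whatever the target file contains, the check is worth running against the final response body after redirects, and again before the Expires date passes.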

warmanaMOJ commented 1 year ago

Hello,

Thank you for your message.

A more recent security.txt file can be found in the main branch, here: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt

It does include an Expires field, so should address the issue.

I hope that helps.

townxelliot commented 1 year ago

Thanks for the update.