Serving security.txt

The specification for security.txt, to let tools and security researchers know how to report vulnerabilities, is entering its final phase.

I suggest that you start serving the file from

Example contents:

Preferred-Languages: en

Preferably you also add a digital signature.

Lifted Projects

I think it would also be great if Lifted projects that have their own domain would get a task to add/modify their own file. For our project, we’ve listed Tidelift as well as our own contact and policy data.

What do you think?
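A linter for the file the post describes, as an added example that is not part of the original thread: it checks the contact, policy, Preferred-Languages and signature points raised above. The field rules (required Contact and Expires, a single Preferred-Languages line) are taken from RFC 9116 as published, which is an assumption relative to the draft the post refers to; the sample file and the example.org addresses are constructed.

```python
import re
from datetime import datetime, timezone

# Field rules follow RFC 9116 as published (assumption: the post predates it).
REQUIRED = ("contact", "expires")
AT_MOST_ONCE = ("expires", "preferred-languages")
URI_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*:")
LANG_TAG = re.compile(r"[A-Za-z]{2,8}(-[A-Za-z0-9]{1,8})*")
# Constructed sample file; example.org is a placeholder domain.
SAMPLE = ("Contact: mailto:security@example.org\n"
          "Policy: https://example.org/security-policy\n"
          "Preferred-Languages: en\nExpires: 2030-01-01T00:00:00Z\n")

def lint_security_txt(text, now=None):
    """Return a list of problems found in the contents of a security.txt file."""
    now = now or datetime.now(timezone.utc)
    text = text.replace("\r\n", "\n").lstrip()
    problems, fields = [], {}
    if text.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
        # Cleartext signature: only presence is checked, the signature is not verified.
        text = text.partition("\n\n")[2].partition("-----BEGIN PGP SIGNATURE-----")[0]
    else:
        problems.append("not signed")
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not value.strip():
            problems.append(f"malformed line: {line!r}")
            continue
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    problems += [f"missing required field: {f}" for f in REQUIRED if f not in fields]
    problems += [f"field repeated: {f}" for f in AT_MOST_ONCE if len(fields.get(f, [])) > 1]
    for f in ("contact", "policy"):
        for v in fields.get(f, []):
            if v.startswith("http://") or not URI_SCHEME.match(v):
                problems.append(f"{f} must be a URI, https:// if a web address: {v}")
    for v in fields.get("preferred-languages", []):
        for tag in map(str.strip, v.split(",")):
            if not LANG_TAG.fullmatch(tag):
                problems.append(f"bad language tag: {tag!r}")
    for v in fields.get("expires", []):
        try:
            expires = datetime.fromisoformat(v.replace("Z", "+00:00"))
            if expires.tzinfo is None or expires <= now:
                problems.append(f"expires is past or lacks a time zone: {v}")
        except ValueError:
            problems.append(f"expires is not an ISO 8601 timestamp: {v}")
    return problems
```

Calling `lint_security_txt(SAMPLE)` on the unsigned sample reports only the missing signature; wrapping the same text in an OpenPGP cleartext signature clears that finding, although the signature itself still has to be verified separately with the publisher's key.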

@r.spilker thank you for this amazing feedback! I’ll share with the team and get their thoughts and let you know if we have any questions.