Cloudflare has released a tool for managing the security.txt file, which contains important information about a website's security, including its vulnerabilities.
The security.txt file is a standard for open communication between site owners and security researchers. Moreover, it provides official data on vulnerabilities and the ability to avoid legal problems associated with the discovery of said vulnerabilities for site owners.
The setup wizard is disabled by default, but it can be found in the Security > Settings section and resides by default in /.well-known/. Once this option is enabled, users will be presented with a form for creating and managing security.txt. To customize the file without attracting spam bots, three options have been added to the Contact field: phone number, email address, and a link.
The security.txt initiative appeared back in 2020, which included a technical guide for deploying and updating the file, as well as the open source Worker (for local deployment) where the initiative was launched.
The use and proper configuration of security.txt can improve the security of your website through the activity of security researchers, detect vulnerabilities in time, and automate repetitive tasks.
