IESG requests comments on the proposed vulnerability reporting standard

Recently, the Internet Engineering Steering Group (IESG) released the final draft of Security.txt, a proposed standard for web vulnerability disclosure. It defines a security policy file designed to make it as easy as possible for researchers to disclose vulnerabilities.

The security industry is watching closely, because the IESG's vulnerability disclosure standard will soon become the recommended standard for reporting vulnerabilities on all websites. Now that it has entered the final review stage, interested parties have less than a month to submit comments on the standard.

The proposed standard, "A Method for Web Security Policies", aims to improve the communication channels through which independent security researchers report vulnerabilities in currently exposed web services. Implementing the standard is very simple: organizations and site administrators place a standardized Security.txt file at a specified directory path on the site. Security researchers can then use this file to contact the company easily.

According to the proposed standard's GitHub page, the Security.txt file gives security researchers clear guidance on how to report security issues and allows the scope of a vulnerability reward program to be defined. For lack of clear rules and regulations, researchers have generally been unable to notify organizations of security vulnerabilities securely.

Origin www.linuxidc.com/Linux/2019-12/161777.htm