forked from securitytxt/securitytxt.org
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta content="width=device-width" name="viewport">
<title>security.txt</title>
<meta property="og:site_name" content="Security.txt"/>
<meta property="og:url" content="https://securitytxt.org/" />
<meta property="og:title" content="Security.txt" />
<meta property="og:description" content="Security.txt defines a standard to help organizations define the process for security researchers to securely disclose security vulnerabilities." />
<meta property="og:image" content="https://user-images.githubusercontent.com/18099289/31276079-5714378e-aa9a-11e7-8a98-bf42a302cc6c.png" />
<meta name="twitter:card" content="summary" />
<meta name="description" content="Security.txt defines a standard to help organizations define the process for security researchers to securely disclose security vulnerabilities.">
<link href="css/normalize.css" rel="stylesheet" type="text/css">
<link href="css/skeleton.css" rel="stylesheet" type="text/css">
<link href="css/stylesheet.css" rel="stylesheet" type="text/css">
<link href="css/ionicons.min.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=PT+Serif%7CPlayfair+Display">
<link rel="shortcut icon" type="image/x-icon" href="img/logo.png" />
<meta name="theme-color" content="#6bd3b8" />
</head>
<body>
<div class="section landing">
<div class="wrapper">
<h1>security.txt</h1>
<pre><code># Our security address
Contact: security@example.com
# Our PGP key
Encryption: https://example.com/pgp-key.txt
# Our security policy
Policy: https://example.com/security-policy.html
</code></pre><a class="button button-primary" href="#generate">Generate security.txt file</a> <a class="button" href="#about">Learn more</a>
</div>
</div>
<div class="section" id="about">
<div class="wrapper">
<h5><i>“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. Security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”</i></h5><a class="button" href="https://tools.ietf.org/html/draft-foudil-securitytxt-02">Read the latest draft ➤</a>
</div>
</div>
<div class="section">
<div class="wrapper">
<h3>FAQ</h3>
<h5>What is the main purpose of security.txt?</h5>
<p>The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.</p>
<h5>Is security.txt an <a href="https://en.wikipedia.org/wiki/Request_for_Comments">RFC</a>?</h5>
<p>security.txt is currently an Internet draft that has been submitted for RFC review. This means that security.txt is still in the early stages of development. We welcome contributions from the public: <a href="https://github.com/securitytxt/security-txt">https://github.com/securitytxt/security-txt</a></p>
<h5>Where should I put the security.txt file?</h5>
<p>The security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC5785].</p>
<h5>Will adding an email address expose me to spam bots?</h5>
<p>The email value is an optional field. If you are worried about spam, you can set a URI as the value and link to your security policy.</p>
</div>
</div>
<div class="section" id="generate">
<div class="wrapper">
<h3>Generate your security.txt file</h3>
<form onsubmit="download(this['name'].value, this['blah'].value + this['contact'].value + this['text1'].value + '\n' + this['encryption'].value + this['text2'].value + '\n' + this['acknowledgements'].value + this['text3'].value + '\n' + this['policy'].value + this['text4'].value + '\n' + this['signature'].value + this['text5'].value); return false;">
<input type="hidden" name="name" value="security.txt">
<input type="hidden" name="blah" value="">
<p>Contact: <a target="_blank" rel="noopener" href="https://tools.ietf.org/html/draft-foudil-securitytxt-02#section-2.3">(description)</a></p><input name="contact" type="hidden" value="Contact: ">
<input class="u-full-width" type="text" placeholder="security@example.com" name="text1">
<p>Encryption: <a target="_blank" rel="noopener" href="https://tools.ietf.org/html/draft-foudil-securitytxt-02#section-2.4">(description)</a></p><input name="encryption" type="hidden" value="Encryption: ">
<input class="u-full-width" type="text" placeholder="https://example.com/pgp-key.txt" name="text2">
<p>Acknowledgements: <a target="_blank" rel="noopener" href="https://tools.ietf.org/html/draft-foudil-securitytxt-02#section-2.7">(description)</a></p><input name="acknowledgements" type="hidden" value="Acknowledgements: ">
<input class="u-full-width" type="text" placeholder="https://example.com/acknowledgements.html" name="text3">
<p>Policy: <a target="_blank" rel="noopener" href="https://tools.ietf.org/html/draft-foudil-securitytxt-02#section-2.6">(description)</a></p><input name="policy" type="hidden" value="Policy: ">
<input class="u-full-width" type="text" placeholder="https://example.com/security-policy.html" name="text4">
<p>Signature: <a target="_blank" rel="noopener" href="https://tools.ietf.org/html/draft-foudil-securitytxt-02#section-2.5">(description)</a></p><input name="signature" type="hidden" value="Signature: ">
<input class="u-full-width" type="text" placeholder="https://example.com/.well-known/security.txt.sig" name="text5">
<br>
<input class="button button-primary" type="submit" value="Generate security.txt file">
</form>
</div>
</div>
<div class="section" id="contributors">
<div class="wrapper">
<h3>Contributors</h3>
<p>The <a href="https://twitter.com/EdOverflow">editor</a> would like to acknowledge the help provided during the development of security.txt by the following individuals:</p>
<p><a href="https://twitter.com/TomNomNom">Tom Hudson</a> helped write the "File Format Description" and wrote several security.txt parsers.</p>
<p><a href="https://twitter.com/teknogeek_">Joel Margolis</a> was a big help when it came to wording the Internet draft appropriately.</p>
<p><a href="https://twitter.com/Bugcrowd">Bugcrowd</a>, <a href="https://twitter.com/caseyjohnellis">Casey Ellis</a>, and <a href="https://twitter.com/codesoda">Chris Raethke</a> for transferring securitytxt.org to the security.txt project and for sharing details about previous work that they conducted on a similar project.</p>
<p><a href="https://twitter.com/jobertabma">Jobert Abma</a> for raising issues and concerns that might arise when using certain directives.</p>
<p><a href="https://twitter.com/gerben_javado">Gerben Janssen van Doorn</a> for reviewing the Internet draft multiple times.</p>
<p><a href="https://twitter.com/sumlac">Justin Calmus</a> was always there to answer questions related to writing the Internet draft.</p>
<p><a href="https://twitter.com/sirdarckcat">Eduardo Vela</a> and <a href="https://twitter.com/kkotowicz">Krzysztof Kotowicz</a> for meeting in person to discuss security.txt in great detail.</p>
</div>
</div>
<div class="section" id="projects">
<div class="wrapper">
<h3>Security.txt projects</h3>
<p><a href="https://github.com/hrbrmstr/securitytxt">Identify and Parse Web Security Policies Files in R</a> by <a href="https://twitter.com/hrbrmstr">boB Rudis</a>.</p>
<p><a href="https://github.com/securitytxt/Extension">The official Chrome extension for security.txt</a> by <a href="https://twitter.com/karel_origin">Karel Origin</a>.</p>
<p><a href="https://github.com/tomnomnom/securitytxt">A security.txt parser for Go</a> by <a href="https://twitter.com/TomNomNom">Tom Hudson</a>.</p>
<p><a href="https://github.com/tomnomnom/phpsecuritytxt">A security.txt parser for PHP</a> by <a href="https://twitter.com/TomNomNom">Tom Hudson</a>.</p>
<p><a href="https://github.com/adamdecaf/go-security-txt">Golang security.txt parser and cli tool</a> by <a href="https://github.com/adamdecaf">Adam Shannon</a>.</p>
<p><a href="https://github.com/austinheap/php-security-txt">A PSR-4 security.txt reader and writer for PHP 7+</a> by <a href="https://twitter.com/austinheap">Austin Heap</a>.</p>
<p><a href="https://github.com/austinheap/laravel-security-txt">A configurable security.txt plugin for Laravel 5.5+</a> by <a href="https://twitter.com/austinheap">Austin Heap</a>.</p>
<p><a href="https://wordpress.org/plugins/wp-security-txt/">A configurable security.txt plugin for WordPress 4.9</a> by <a href="https://twitter.com/austinheap">Austin Heap</a>.</p>
<p><a href="https://github.com/gergelyke/express-security.txt">An npm package for express applications</a> by <a href="https://github.com/gergelyke">Gergely Nemeth</a>.</p>
<p><a href="https://github.com/lirantal/express-security-txt">A Node.js middleware for Express that implements security.txt</a> by <a href="https://github.com/lirantal">Liran Tal</a>.</p>
<p><a href="https://www.drupal.org/project/securitytxt">Security.txt module for Drupal 8</a> by <a href="https://www.drupal.org/u/danieljrmay">Daniel J. R. May</a>.</p>
</div>
</div>
<div class="section" id="help">
<div class="wrapper">
<h3>What can you do to help?</h3>
<ul>
<li>Help spread the word;</li>
<li>Encourage popular frameworks to include a security.txt file by default;</li>
<li>Discuss adding a security.txt file at your company;</li>
<li>Contribute to the security.txt project <a href="https://github.com/securitytxt">on GitHub</a>.</li>
</ul>
</div>
</div>
<div class="section" id="donate">
<div class="wrapper">
<h3>Donate</h3>
<p>Donations will be used to pay bug bounties to individuals who report valid security vulnerabilities in the security.txt project, and to cover the hosting costs.</p>
<a class="button button-primary" href="https://liberapay.com/security.txt/donate">Donate</a>
</div>
</div>
<div class="section" id="share">
<div class="wrapper">
<a class="button button-primary" href="https://twitter.com/intent/tweet?text=security.txt%20-%20A%20proposed%20standard%20that%20allows%20websites%20to%20define%20security%20policies.%20https%3A%2F%2Fsecuritytxt.org%2F"><i class="ion-social-twitter"></i> Tweet about security.txt</a>
<a class="button" href="https://github.com/securitytxt/security-txt">Contribute</a>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js" integrity="sha384-EaUkI/FiMJtEXWAl0dCczvbFvjfzsIF1UNKGJvu9p5JIG71Kih7/kQJvYbBL7HOn" crossorigin="anonymous"></script>
<script type="text/javascript">
function download(filename, text) {
var magic = document.createElement('a');
magic.setAttribute('href', 'data:text/plain;charset=utf-8,' +
encodeURIComponent(text));
magic.setAttribute('download', filename);
magic.style.display = 'none';
document.body.appendChild(magic);
magic.click();
document.body.removeChild(magic);
}
</script>
</body>
</html>
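The generator form in this file joins every field into the output even when it is left blank. The sketch below is an added example, not code from the security.txt project: it builds the file from the same five directives while skipping blank fields and rejecting embedded line breaks, then parses a file back and reports problems. The function names, the case-insensitive name matching and the sample text are assumptions of this example.

```javascript
// Added example, not the project's code. Directive names are the five
// offered by the generator form; case-insensitive matching is an assumption.
const DIRECTIVES = ['Contact', 'Encryption', 'Acknowledgements', 'Policy', 'Signature'];

// Build the file from form values: skip blank fields and refuse embedded
// line breaks, which would let one field smuggle in extra directives.
function buildSecurityTxt(fields) {
  const lines = [];
  for (const name of DIRECTIVES) {
    const raw = String(fields[name] || '');
    if (/[\r\n]/.test(raw)) throw new Error(name + ': line break in value');
    if (raw.trim() !== '') lines.push(name + ': ' + raw.trim());
  }
  return lines.join('\n') + '\n';
}

// Read a file back, collecting values per directive and a list of problems.
function parseSecurityTxt(text) {
  const result = { directives: {}, problems: [] };
  text.split(/\r?\n/).forEach((line, i) => {
    const t = line.trim();
    if (t === '' || t.startsWith('#')) return; // blank line or comment
    const where = 'line ' + (i + 1) + ': ';
    const sep = t.indexOf(':');
    if (sep < 1) { result.problems.push(where + 'not "Name: value"'); return; }
    const rawName = t.slice(0, sep).trim();
    const value = t.slice(sep + 1).trim();
    const name = DIRECTIVES.find(d => d.toLowerCase() === rawName.toLowerCase());
    if (!name) { result.problems.push(where + 'unknown directive ' + rawName); return; }
    if (value === '') { result.problems.push(where + 'empty ' + name); return; }
    (result.directives[name] = result.directives[name] || []).push(value);
  });
  return result;
}

// Constructed sample: the landing-page example plus a blank directive of the
// kind the form produces when a field is left empty.
const SAMPLE = [
  '# Our security address',
  'Contact: security@example.com',
  '# Our PGP key',
  'Encryption: https://example.com/pgp-key.txt',
  'signature: ',
].join('\n');

console.log(parseSecurityTxt(SAMPLE));
```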