
I don't think this should be a standard per se. Maybe more of what is a best fit for your risk appetite. Because I could easily see this as a flag to welcome people to attack your website looking for bounties. If that is the case, how are your blue team people going to know the difference?

As far as the info contained within the txt file, there should only be an email address or contact info if you found something serious, absolutely nothing more. No reason to intentionally/unintentionally provide information used for recon.

About the automated scanners... adjust your scope to avoid the file.



