Hacker News new | past | comments | ask | show | jobs | submit login
Does Your Organization Have a Security.txt File? (krebsonsecurity.com)
13 points by picture 34 days ago | hide | past | favorite | 2 comments

> It seems that setting up a security.txt file tends to invite a rather high volume of spam. Most of these junk emails come from self-appointed penetration testers who — without any invitation to do so — run automated vulnerability discovery tools and then submit the resulting reports in hopes of securing a consulting engagement or a bug bounty fee.

Yep, I have a friend who just set hers up; she said within days she had received several emails that seemed more like threats than disclosures or offers to disclose. Worse yet, maybe for all parties, the wording was on the "way too diplomatic" side and this led to a loss of trust.

Prior to this situation she said her favorite reports involved https://www.openbugbounty.org/ and friendly advice on how to resolve the issue.

My security is government tier.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact