Internet Assigned Numbers Authority • Domains • Protocols • Numbers • About security.txt Fields Created 2021-07-13 Last Updated 2026-03-07 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registry Included Below • security.txt Fields security.txt Fields Registration Procedure(s) Expert Review Expert(s) Yakov Shafranovich, Edwin Foudil Reference [RFC9116] Available Formats [IMG] CSV Field Name Description Multiple Status Change Controller Reference Appearances Acknowledgments link to page where security researchers are yes current IETF [RFC9116] recognized Canonical canonical URI for this file yes current IETF [RFC9116] Contact contact information to use for reporting yes current IETF [RFC9116] vulnerabilities Link to a provider-metadata.json resource of the [Common Security Advisory CSAF Common Security Advisory Framework (CSAF) yes current [OASIS_Open] Framework Version 2.0, OASIS Standard] Expires date and time after which this file is considered no current IETF [RFC9116] stale Encryption link to a key to be used for encrypted communication yes current IETF [RFC9116] Hiring link to the vendor's security-related job positions yes current IETF [RFC9116] Policy link to security policy page yes current IETF [RFC9116] Preferred-Languages list of preferred languages for security reports no current IETF [RFC9116] A project or company that may financially reward [Software Engineering Institute, reporters via a bug bounty program as per section "The CERT Guide to Coordinated Bug-Bounty 3.5.5 of [CERT.CVD] can indicate this by adding the no current IETF Vulnerability Disclosure", line "Bug-Bounty: True". Adding the line Carnegie Mellon University, "Bug-Bounty: False" indicates that no financial CMU/SEI-2017-SR-022, August 2017] reward via a bug bounty program can be offered. Contact Information ID Name Contact URI Last Updated [OASIS_Open] OASIS Open mailto:project-admin&oasis-open.org 2023-02-15 https://www.oasis-open.org Licensing Terms