As a website owner, I would like a security.txt file included in the root of my application. #55
Background / Motivation

As a website owner, I would like to have a security.txt file in the root of my application. This file is similar to the robots.txt file, and will serve as a landing point for security researchers and any other people who may stumble into a security issue. The security.txt file will hold basic info about how someone may report a security issue.

This topic has come up a lot online recently, and is now a requirement of all Dutch government websites. Though the Dutch government may be a small market for Elegant currently, we have ambitions of being able to support any user who wishes to use Elegant, even if it is a government entity.

This topic was further encouraged for Elegant by users on Hacker News: https://news.ycombinator.com/item?id=36149004#36152473

Idea

Create a security.txt file, with basic contact details. Use Elegant's contact info to report security issues if no contact info is provided by the Elegant user through .env vars or other methods.

Since Elegant is acting as a content framework that puts together the best of the best frameworks, I believe it is our responsibility to provide a security template, and/or provide a contact mechanism for anyone wishing to report security issues directly to us in regards to Elegant, Tailwind, Next.js, or any other tool or package we use.

Implementation 1: TBD

Check out this real-life security.txt in production: https://www.ncsc.nl/.well-known/security.txt

Other things
#58
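A sketch of the fallback behaviour the idea describes, added here as an example and not code from Elegant or from the original post: it builds the security.txt body from env vars and falls back to a framework contact when the site owner supplies none. The env var names (`SECURITY_CONTACT`, `SECURITY_TXT_TTL_DAYS`, `SECURITY_POLICY_URL`) and the fallback address are hypothetical placeholders; the `Contact`, `Expires` and `Policy` field names follow RFC 9116.

```javascript
// Added example, not Elegant's code. Env var names and the fallback
// address are hypothetical placeholders.
const FALLBACK_CONTACT = "mailto:security@example.invalid"; // placeholder

// RFC 9116: Contact values are URIs; web URIs must use https://.
function normalizeContact(raw) {
  const value = String(raw).trim();
  // Drop empty values and anything containing whitespace or control
  // characters, so an env value cannot inject extra fields into the file.
  if (!value || /[\s\x00-\x1f\x7f]/.test(value)) return null;
  if (/^(https:\/\/|mailto:|tel:)/i.test(value)) return value;
  // Bare e-mail address: turn it into a mailto: URI.
  if (/^[^@:\/]+@[^@:\/]+$/.test(value)) return `mailto:${value}`;
  return null; // http:// and unknown schemes are dropped
}

// Returns the text to serve at /.well-known/security.txt.
function buildSecurityTxt(env, now = new Date()) {
  const contacts = (env.SECURITY_CONTACT || "")
    .split(",")
    .map(normalizeContact)
    .filter(Boolean);
  // No usable contact from the site owner: use the framework's contact.
  if (contacts.length === 0) contacts.push(FALLBACK_CONTACT);

  // Expires is mandatory in RFC 9116; keep it within one year.
  const requested = Number(env.SECURITY_TXT_TTL_DAYS) || 180;
  const ttlDays = Math.min(Math.max(requested, 1), 365);
  const expires = new Date(now.getTime() + ttlDays * 86400000);

  const lines = contacts.map((c) => `Contact: ${c}`);
  lines.push(`Expires: ${expires.toISOString()}`);
  const policy = normalizeContact(env.SECURITY_POLICY_URL || "");
  if (policy && policy.startsWith("https://")) lines.push(`Policy: ${policy}`);
  return lines.join("\n") + "\n";
}
```

Because `Expires` is computed from the current time, the file has to be regenerated at build or request time rather than committed as a static asset that silently goes stale.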