A File Format to Aid in Security Vulnerability Disclosure, April 2022
- E. Foudil
- NON WORKING GROUP
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsable format ("security.txt") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.