#SecurityTXT @HonkHase @ant0inet
---
RT @evawolfangel
In the picture: Moodle discussions of unsuspecting students that we found on the net, next to their grades (and yes: there is an edit button - we could have changed grades). When you find something like this, try to report it, and then nobody responds, it is sobering.
#cybersecurity https://twitter.com/digiges/status/1633192510523600897
https://twitter.com/evawolfangel/status/1633423738174668806
A few days ago, we published the initial version of our first open-source Sulu CMS bundle to easily manage security.txt files.
Read more about it on our blog and give it a try: https://blog.bitexpert.de/blog/sulu_securitytxt_0.1.0
#bitblog #symfony #sulu #securitytxt
Updated sectxt over the weekend to reflect the latest #securitytxt specification. Seems like barely any of the major websites fully comply with the standard, including #google. https://github.com/eikendev/sectxt
@harld Well spotted! We use the sectxt parser/validator (https://github.com/DigitalTrustCenter/sectxt), which does not do that. The reason is that there is unfortunately no standard place from which to retrieve a public PGP key (which is needed to validate a signature). In the next update of https://Internet.nl we will mention this limitation in the explanation of the test. #securitytxt
RT @GovCERT_CH@twitter.com
To ensure that cybersecurity vulnerabilities can be quickly reported to an organisation, it is essential to implement the "security.txt" #standard with the most important contact details. #securitytxt
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2023/security_txt.html
🐦🔗: https://twitter.com/GovCERT_CH/status/1616118223883190276
RT @GovCERT_CH@twitter.com
So that cybersecurity vulnerabilities can be reported quickly to an organisation, implementing the «security.txt» #standard with the most important contact details is a must. #securitytxt
https://www.ncsc.admin.ch/ncsc/de/home/aktuell/im-fokus/2023/security_txt.html
🐦🔗: https://twitter.com/GovCERT_CH/status/1616118365013131315
@jeroen @mastodon
Nice! The awesome admins of mastodon.nl already added a security.txt file to their server: https://en.internet.nl/site/mastodon.nl/1846018/#control-panel-31
However, it would indeed be good if the Mastodon software promoted having a security.txt file by default.
#securitytxt #vulnerabilitydisclosure
#VulnerabilityDisclosure #securitytxt
In 2022, together with our partners, we further enhanced https://Internet.nl. The underlying software was upgraded, documentation was improved and we added tests for RPKI ROAs (routing security) and security.txt (contact information for vulnerability reports). We are excited to make testing for modern internet standards even more fun in 2023!
In the meantime, keep on testing and improving!
Happy holidays! 🎄 🎅 ✨🍾
#moderninternet #standards #IPv6 #DNSSEC #RPKI #TLS #DANE #DMARC #securitytxt
It seems building a #securitytxt as defined in #RFC 9116 is not a simple task. Most of the files out there have formatting errors, are missing mandatory fields or include their own, unregistered fields.
The main reason must be the several changes during the draft phase, and even most of the validators are based on outdated versions. Therefore, I wrote a little Bash script to help with the validation and PGP signing of security.txt files.
Dear #cloudsecurity and #blueteam fellows:
Please try to host a #securitytxt file in your projects and workplace domains to allow #infosec researchers and #bugbounty hunters to find all the details on how to contact your security team.
For most environments it is quite easy to just add some static file; for #cloudnative I have written my own #golang microservice to provide this file.
For more details on the securitytxt file and what it is, please refer to:
https://securitytxt.org
The cool topics at #sccon22
Greetings to @zerforschung, you made it onto a BMI poster, and thanks to Ralf Käck for the initiative! #ozg #itsec #securitytxt #tls #hsts #dnssec #responsibledisclosure (1/2)
#y0no #blog "Discovering security.txt" #SecurityTXT #CyberSécurité #CyberSecurity #vulnérabilités #signalement #YesWeHack ... https://y0no.fr/posts/decouverte-security-txt/
New post #blogmas #blogmas2017 #blogmas17 - 5 text files to put on your website! - https://blog.anotherhomepage.org/post/5-fichiers-texte-sur-son-site-web - #robotstxt #humanstxt #securitytxt #hackerstxt #dntpolicytxt