Does your company's website have a security.txt file? There is a draft industry standard for listing your security contact on your website (in the directory /.well-known/security.txt), so that people know how to report security issues. See https://securitytxt.org/ for info.
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Organizations vulnerable to CVE-2019-11510: Thousands Security contacts obtained via security.txt: 0https://twitter.com/bad_packets/status/1165574263975186433 …
-
This is literally the reason I'm tweeting encouraging more orgs to implement this.
End of conversation
New conversation -
-
-
Uhm there’s hundreds. My old company use it. Facebook, Github etc etc.
-
Let's take a top-10 list of technology companies: https://www.investopedia.com/articles/markets/030816/worlds-top-10-technology-companies-aapl-googl.asp … How many of those have a security.txt file available? ONE. Facebook. It's not a bad idea. But it's currently not a viable way of getting security contact information for a company.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.