Security.txt in APP Konfigurator

savity

Hi Everyone,

since security.txt is a https://www.rfc-editor.org/rfc/rfc9116 is there a way to get this done for my APPs?
We are able to modify robots.txt but it would be awesome to do this for security.txt
BR Savity

nebulon

Not sure I fully understand the RFC there, but this sounds more like the app itself should ship such a file so researchers discovering a security issue can contact the app authors to let them know?

savity

The goal is to provide a way for individuals and teams to report any vulnerabilities found on the website or in the application. For example, this can be set up similarly to the following pages:

https://www.brz.gv.at/security.txt
https://www.bsi.bund.de/security.txt

This approach allows for flexibility in addressing vulnerabilities; they do not always need to be limited to the application side alone.

nebulon

I guess we can add this in the app configure section if there is some interest.
Some more context is at https://securitytxt.org/

johannesjom

That would be a very cool feature!