Two days ago, I talked about adding a robots.txt file to your site to tell web crawlers like Googlebot how to index it. Today, with this PR, I have added a security.txt file to blogthedata.com, giving security researchers a standard way to contact me about vulnerabilities that may affect the site.

It's easy to set this up yourself! You add two routes to your app: one serving the security.txt file itself and one serving the public key it points to.

https://blogthedata.com/pgp-key.txt

https://blogthedata.com/.well-known/security.txt

“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”

https://securitytxt.org

The first step is to fill out the form on https://securitytxt.org. The tricky part is the encryption section: it asks for the public half of an OpenPGP key pair (the kind GnuPG generates). There are smarter ways of generating keys, but I used this online PGP generator. Once you create the keys, you'll want to stash the private key somewhere safe and put your public key at a publicly accessible endpoint.
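Before publishing the file the form produces, it is worth checking it against what RFC 9116 (the security.txt standard) actually requires: a Contact line that is a URI (mailto:, tel: or https:, not a bare e-mail address), an Expires line with a date less than a year out, and https:// URLs for Encryption and Canonical. The following is an added example, not code from blogthedata.com: it builds a minimal security.txt and runs those checks over it. The contact address, key URL and site name are constructed placeholders, and EXAMPLE_NOW is a fixed clock so the output is reproducible.

```python
"""Build and sanity-check a security.txt (RFC 9116) before publishing it.

Added example, not code from blogthedata.com; the contact address, key URL
and site used below are constructed placeholders.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

REQUIRED_FIELDS = ("Contact", "Expires")
KNOWN_FIELDS = REQUIRED_FIELDS + (
    "Encryption", "Canonical", "Preferred-Languages", "Policy",
    "Acknowledgments", "Hiring", "CSAF",
)
CONTACT_SCHEMES = ("mailto:", "tel:", "https://")
# Fixed clock so the worked example gives the same Expires every run (constructed).
EXAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


def build_security_txt(contact, key_url, canonical, days_valid=180,
                       languages="en", now=None):
    """Return the text of a security.txt with the fields a minimal deployment needs.

    contact   - a URI such as mailto:security@example.com (a bare address is invalid)
    key_url   - https URL of the PGP public key, served by the same site
    canonical - https URL where this file will live (.well-known/security.txt)
    """
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=days_valid)).strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = [
        f"# security.txt for {urlparse(canonical).netloc}",
        f"Contact: {contact}",
        f"Expires: {expires}",
        f"Encryption: {key_url}",
        f"Canonical: {canonical}",
        f"Preferred-Languages: {languages}",
    ]
    return "\n".join(lines) + "\n"


def parse_security_txt(text):
    """Parse 'Field: value' lines into {field: [values]}; comments and blanks are skipped."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def _is_https(uri):
    parsed = urlparse(uri)
    return parsed.scheme == "https" and bool(parsed.netloc)


def check_security_txt(text, now=None):
    """Return a list of problems found; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    problems = []
    try:
        fields = parse_security_txt(text)
    except ValueError as err:
        return [str(err)]

    for name in REQUIRED_FIELDS:
        if name not in fields:
            problems.append(f"missing required field {name}")
    for name in fields:
        if name not in KNOWN_FIELDS:
            problems.append(f"unknown field {name}")

    for contact in fields.get("Contact", []):
        if not contact.startswith(CONTACT_SCHEMES):
            problems.append(f"Contact must be a mailto:, tel: or https: URI: {contact}")

    expires_values = fields.get("Expires", [])
    if len(expires_values) > 1:
        problems.append("Expires must appear exactly once")
    for value in expires_values:
        # RFC 9116 uses ISO 8601; accept a trailing Z/z, which older fromisoformat rejects.
        try:
            expires = datetime.fromisoformat(value.replace("Z", "+00:00").replace("z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 datetime: {value}")
            continue
        if expires.tzinfo is None:
            problems.append("Expires must carry a timezone")
        elif expires <= now:
            problems.append(f"file already expired at {value}")
        elif expires - now > timedelta(days=365):
            problems.append("Expires is more than a year away; RFC 9116 recommends less")

    for name in ("Encryption", "Canonical", "Policy", "Acknowledgments", "Hiring"):
        for uri in fields.get(name, []):
            # Encryption may also be a dns: or openpgp4fpr: URI; web URIs must be https.
            if name == "Encryption" and uri.startswith(("dns:", "openpgp4fpr:")):
                continue
            if not _is_https(uri):
                problems.append(f"{name} must be an https:// URL: {uri}")
    return problems


if __name__ == "__main__":
    # Constructed values; substitute your own contact, key URL and site.
    txt = build_security_txt(
        contact="mailto:security@example.com",
        key_url="https://example.com/pgp-key.txt",
        canonical="https://example.com/.well-known/security.txt",
        now=EXAMPLE_NOW,
    )
    print(txt)
    print("problems:", check_security_txt(txt, now=EXAMPLE_NOW))
```

Run the checks again whenever you regenerate the file, since a stale Expires is the most common way a security.txt silently stops being valid. If you would rather not paste a private key into a web page, the same key pair can be made locally with `gpg --full-generate-key` and the public half exported with `gpg --armor --export <your-address>` into the pgp-key.txt route; `gpg --clearsign` over the finished security.txt lets researchers verify that the contact details really came from you.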

Add a security.txt file to your website and join companies like Google, Facebook, and GitHub in making the web safer for everyone.

John Solly

A hands-on AI practitioner who transitioned to a CTO role to broaden my impact.

Most of my career has been dedicated to developing spatial systems at Esri, startups, and federal agencies. Currently, I lead technology strategy for Leidos' Health IT division, supporting agencies such as SSA, VA, and HHS.

My primary focus is the convergence of spatial computing and AI, enabling machines to interpret the physical world and applying these capabilities to meaningful missions.

Please reach out if you are interested in spatial systems or advancing AI within the federal government.