# Security Policies

## security.txt

A proposed standard for defining security policies in a machine and human-readable way.

- **Website:** [securitytxt.org](https://securitytxt.org/)
- **RFC:** [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116.html)

### Purpose

- Contact information for security researchers
- Security policy URL
- Encryption key for secure communication
- Disclosure preferences

### Example

`.well-known/security.txt`

```
Contact: [email protected]
Preferred-Languages: en, fr
Policy: https://example.com/security-policy
Encryption: https://example.com/pgp-key.txt
Hiring: https://example.com/careers
```

### Benefits

- Easy for researchers to find reporting contact
- Reduces response time for vulnerability disclosures
- Shows organizational commitment to security
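
A file like the example above can be checked against the field rules in RFC 9116 before it is published: `Contact` and `Expires` must be present, `Expires` and `Preferred-Languages` must not repeat, contact values must be URIs (`mailto:` for e-mail), and web URIs must use `https://`. The following is an added example, not code from securitytxt.org or the RFC; `parse_fields` and `validate` are hypothetical names, the sample contact address is constructed, and the file is assumed to be unsigned.

```python
from datetime import datetime, timezone

REQUIRED = ("contact", "expires")                  # MUST be present
AT_MOST_ONCE = ("expires", "preferred-languages")  # MUST NOT repeat
URI_FIELDS = {"contact", "encryption", "policy", "hiring", "acknowledgments", "canonical"}

# Constructed sample: the page's example with a bare e-mail address as Contact.
SAMPLE = """\
Contact: security@example.com
Preferred-Languages: en, fr
Policy: https://example.com/security-policy
Encryption: https://example.com/pgp-key.txt
Hiring: https://example.com/careers
"""

def parse_fields(text):
    """Return (name, value) pairs, skipping blank lines and # comments."""
    fields = []
    for line in map(str.strip, text.splitlines()):
        name, sep, value = line.partition(":")
        if line and not line.startswith("#") and sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields

def validate(text, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    names = [name for name, _ in fields]
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in names]
    problems += [f"field repeated: {f}" for f in AT_MOST_ONCE if names.count(f) > 1]
    for name, value in fields:
        if name in URI_FIELDS:
            scheme, sep, _ = value.partition(":")
            if not sep:
                problems.append(f"{name}: value is not a URI: {value}")
            elif scheme.lower() == "http":
                problems.append(f"{name}: web URI must use https: {value}")
        elif name == "expires":
            try:
                expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
                if expires.tzinfo is None:
                    raise ValueError("no UTC offset")
            except ValueError:
                problems.append(f"expires: not a timestamp with offset: {value}")
                continue
            if expires <= now:
                problems.append(f"expires: file has expired: {value}")
    return problems
```

Running `validate(SAMPLE)` reports the missing `Expires` field and the `Contact` value that lacks a `mailto:` scheme; a check like this fits in a deployment pipeline so the file is not served once it has expired.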