Security.txt is a "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues.
https://securitytxt.org/ (https://github.com/securitytxt/securitytxt.org)
https://github.com/securitytxt/
The Internet draft for security.txt can be found here: https://www.ietf.org/id/draft-foudil-securitytxt-00.txt.
What is the main purpose of security.txt?
The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.
Is security.txt supposed to replace bug bounty platforms?
No. Security.txt is supposed to accompany them.
Contributions from the public are welcome.
The issue tracker is the preferred channel for bug reports and features requests.
The bug tracker utilizes several labels to help organize and identify issues.
Use the GitHub issue search — check if the issue has already been reported.