Adding security.txt

Earlier in the year I wrote about adding humans.txt, a simple text file which can be used to list the humans involved in building the website.  I also use my file to list the tools and services that I use to build and run my website.

There is also a reasonably new initiative out there to add a security.txt file as well.  They describe this very concisely as…

The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.

So as it says, this lists things like contact details, a link to your security policy, encryption keys in case someone needs to send you private data, that sort of information.  This means that if a security researcher were to find a problem with your site, they could easily and confidently get in touch with the right people (as you’ve listed them) to report the issue.  And you really want to have the issue reported to you, so that you can resolve it as soon as possible!

Unlike “humans.txt” which is supposed to live in the root folder, “security.txt” is supposed to sit in the “.well-known/” folder.  However, I decided to double up and put both files in both locations, like this…

Hopefully this makes them super easy to find, for those who are interested.
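As an added example (not from this post, and not code from the security.txt project), here is a small Python parser and sanity checker for the kind of file described above. It knows the field names defined by the security.txt specification (RFC 9116), of which Contact and Expires are the required ones, and it flags the things that most often go wrong: a missing contact, an expiry date in the past, a contact that is not a proper mailto:/https:/tel: URI, and stray lines that are not "Name: value". The sample file content is constructed for this example; the addresses and URLs in it are placeholders.

```python
"""Minimal security.txt parser and sanity checker (added example, not from the post).

Field names follow the security.txt specification (RFC 9116). The SAMPLE
content below is constructed for this example; its addresses and URLs are
placeholders rather than real contact points.
"""
from datetime import datetime, timezone

# Fields the specification defines; Contact and Expires are the required ones.
KNOWN_FIELDS = {"Contact", "Expires", "Encryption", "Acknowledgments",
                "Canonical", "Policy", "Preferred-Languages", "Hiring"}
REQUIRED_FIELDS = {"Contact", "Expires"}

# Constructed sample file (placeholder values), as it would sit at
# /.well-known/security.txt on the site.
SAMPLE = """\
# security.txt for example.com (constructed sample)
Contact: mailto:security@example.com
Contact: https://example.com/security-contact
Expires: 2030-01-01T00:00:00Z
Encryption: https://example.com/pgp-key.txt
Policy: https://example.com/security-policy
Canonical: https://example.com/.well-known/security.txt
Preferred-Languages: en
"""


def parse_security_txt(text):
    """Return a dict of field name -> list of values, skipping comments and blanks.

    Lines without a 'Name: value' shape are kept under '_malformed' so the
    checker can report them instead of silently dropping them.
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            fields.setdefault("_malformed", []).append(raw)
            continue
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file passed every check."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = []

    for req in sorted(REQUIRED_FIELDS):
        if req not in fields:
            problems.append(f"missing required field: {req}")

    for name in fields:
        if not name.startswith("_") and name not in KNOWN_FIELDS:
            problems.append(f"unknown field: {name}")

    # Contact values must be URIs; a bare e-mail address needs the mailto: scheme.
    for value in fields.get("Contact", []):
        if not value.startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact is not a mailto:/https:/tel: URI: {value}")

    expires = fields.get("Expires", [])
    if len(expires) > 1:
        problems.append("Expires must appear only once")
    for value in expires:
        try:
            when = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {value}")
            continue
        if when.tzinfo is None:
            problems.append(f"Expires lacks a timezone: {value}")
        elif when <= now:
            # A stale file is the most common way a security.txt goes wrong
            # after it is first published, so this check is worth automating.
            problems.append(f"file has expired: {value}")

    for line in fields.get("_malformed", []):
        problems.append(f"malformed line: {line!r}")
    return problems


if __name__ == "__main__":
    for problem in check_security_txt(SAMPLE) or ["no problems found"]:
        print(problem)
```

Pointing the checker at the real file you serve (for example as a step in the same build that copies it into both locations) catches the expired-date case, which is the one that tends to creep in long after the file was first written.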
