At LinQhost, security always comes first. Even so, something can be overlooked no matter how careful you are. Fortunately there are ethical hackers, also called white hat hackers, who like to track down vulnerabilities and report them. Where they used to fear legal action, we now see more and more companies that welcome these reports and learn from them.
What is a security.txt?
To make reporting security vulnerabilities easier, a standard has been created for this: security.txt, published by the IETF as RFC 9116. The file is placed at a fixed location on your web server, /.well-known/security.txt, so that researchers know exactly how and where to report a security problem without having to hunt for a contact address. It is a simple text file, yet it offers a clear and efficient way to receive vulnerability reports.
With a security.txt file you can specify the following (field names as used in the file):
- Contact: who is responsible for security and how to reach them, as a mailto:, tel: or https: URI (required).
- Expires: the date after which the file should no longer be trusted, so stale contact details do not linger (required; RFC 9116 recommends at most a year ahead).
- Policy: a link to your responsible disclosure policy.
- Encryption: a link to your PGP key, so reports can be sent encrypted.
- Preferred-Languages: the languages in which you can handle reports, for example en and nl.
How do you set up a security.txt?
- Create a .well-known folder in the document root of your web server.
- Generate a security.txt via the generator on securitytxt.org; fill in at least Contact and Expires and link to your policy.
- Place the generated file in the .well-known folder as security.txt, so that it is served as plain text over HTTPS at https://yourdomain/.well-known/security.txt.
- Check the result by fetching that URL yourself, and put a reminder in your calendar to renew the file before the Expires date.
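The two lists above describe the fields a security.txt carries and the steps to publish one. As an added example (not LinQhost's tooling and not the securitytxt.org generator), the script below parses a security.txt and checks the rules that most often go wrong in practice: a bare e-mail address instead of a mailto: URI, a missing or expired Expires line, and policy or key links served over plain http. The two files it checks are constructed samples; example.com and the addresses in them are placeholders.

```python
"""Parse and sanity-check a security.txt file (RFC 9116) before publishing it.

Added example, not LinQhost's own tooling. The sample files below are constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: what a file generated via securitytxt.org typically looks like.
# Domain, addresses and URLs are placeholders.
GOOD_SECURITY_TXT = """\
# security.txt for example.com (constructed sample)
Contact: mailto:security@example.com
Contact: https://example.com/responsible-disclosure
Expires: 2025-06-30T23:59:59.000Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, nl
Canonical: https://example.com/.well-known/security.txt
Policy: https://example.com/responsible-disclosure
"""

# Constructed sample with the mistakes seen most often: a bare e-mail address,
# a plain-http policy link and no Expires line at all.
BAD_SECURITY_TXT = """\
Contact: security@example.com
Policy: http://example.com/responsible-disclosure
"""

URL_FIELDS = {"policy", "encryption", "canonical", "acknowledgments", "hiring"}
SINGLE_FIELDS = {"preferred-languages"}  # Expires is checked separately below

# Pinned clock so the demo output is reproducible; drop the now= argument for the real clock.
FIXED_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)


def parse_security_txt(text):
    """Return [(field, value), ...] in file order; comments and blank lines are skipped."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"not a 'Field: value' line: {raw!r}")
        name, value = line.split(":", 1)
        fields.append((name.strip().lower(), value.strip()))
    return fields


def validate_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file passes these checks."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    names = [name for name, _ in fields]
    problems = []

    # Contact is mandatory and must be a URI, not a bare address.
    contacts = [value for name, value in fields if name == "contact"]
    if not contacts:
        problems.append("missing required field: Contact")
    for value in contacts:
        if not value.startswith(("mailto:", "tel:", "https://")):
            problems.append(f"Contact must be a mailto:, tel: or https: URI, got {value!r}")

    # Expires is mandatory, may appear once, and should be no more than a year out.
    expires = [value for name, value in fields if name == "expires"]
    if len(expires) != 1:
        problems.append(f"Expires must appear exactly once, found {len(expires)}")
    else:
        try:
            stamp = expires[0].replace("Z", "+00:00").replace("z", "+00:00")
            exp = datetime.fromisoformat(stamp)
            if exp.tzinfo is None:
                exp = exp.replace(tzinfo=timezone.utc)
            if exp <= now:
                problems.append(f"Expires {expires[0]} is in the past; the file counts as stale")
            elif exp - now > timedelta(days=366):
                problems.append(f"Expires {expires[0]} is more than a year ahead")
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 date-time: {expires[0]!r}")

    # Link fields must be https:// so the policy and PGP key cannot be swapped in transit.
    for name, value in fields:
        if name in URL_FIELDS and not value.startswith("https://"):
            problems.append(f"{name.capitalize()} must be an https:// URL, got {value!r}")

    for name in SINGLE_FIELDS:
        if names.count(name) > 1:
            problems.append(f"{name} may only appear once, found {names.count(name)}")

    return problems


if __name__ == "__main__":
    for label, text in (("good", GOOD_SECURITY_TXT), ("bad", BAD_SECURITY_TXT)):
        result = validate_security_txt(text, now=FIXED_NOW)
        print(f"{label}: {'OK' if not result else result}")
```

Run it against the file you are about to upload (read it into a string and call validate_security_txt without the now= argument) and fix everything it lists before copying the file into .well-known. The Expires check is the one to keep running: a file that was fine when generated silently becomes useless once that date passes, which is why the setup steps include a renewal reminder.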
Why should you have a responsible disclosure policy?
Publishing a responsible disclosure policy is a simple and cost-effective way to protect your business from serious security incidents. By clearly communicating how someone can report security issues, you can prevent serious data breaches and protect your reputation. Plus, it can save you a lot of money in the long run.
Tips for a good responsible disclosure policy:
- Make the rules of the game clear and accessible.
- Don’t use threatening language; ethical hackers actually help you by reporting the problem.
- Consider a reward to show goodwill.
- Write in English, as many hackers do not speak Dutch.
- Respond to reports quickly and appropriately.
- Publish a security.txt file that links to the policy, so hackers can easily find it and you.
Conclusion
There is really no reason not to publish a responsible disclosure policy for your company. It costs next to nothing, but can save you a lot of money and reputational damage. By giving ethical hackers the opportunity to report problems, you create an extra layer of security for your systems.