Two and a half months ago, I checked another item off my ever-growing todo-list; writing and uploading a security.txt-file. I honestly don’t expect it to do much of anything, but at the very least, something now exists. I think having a way to easily contact me about potential issues is important enough that I don’t want people to have to hunt around for it. On the other hand, the amount of traffic to the site is an argument to leave well enough alone.
I think it’s a good idea, though, and want to make having security.txt-files the industry standard. Methods for responsible disclosure are not going to become any less important in the years to come, and adding my voice to those of industry greats such as Troy Hunt can’t hurt.
The updated version will be available at https://www.razumny.no/.well-known/security.txt, and I intend to update it (if merely by incrementing the expiry date) on a more or less regular basis.