Sluit

Internet.nl adds test for security.txt

11 okt 2022

A new security.txt test component has been added to the Internet.nl website test in collaboration with the Digital Trust Center (DTC). Security.txt is a standardised text file containing contact information that you place on your web server. Security researchers can use this information to contact the right department or person within your organization directly about vulnerabilities they have found in your website or IT systems. This can speed up the resolution of the vulnerabilities found, giving malicious parties less opportunity to exploit them. In short: test your own domain and publish a security.txt file!

What is your contact point for security vulnerabilities?

At any time, security researchers (also known as benevolent or ethical hackers) may find digital vulnerabilities in your website or IT systems. Of course, you want to be informed as fast as possible when such a discovery is made, so you can respond quickly and fix the leak. Unfortunately, it is often unclear where a security researcher can report a found vulnerability. This means valuable time may be lost in finding and reaching the right department or person within an organisation. The well-intentioned message may not even reach anyone at all.

Faster warnings with security.txt

Since malicious parties can also detect these vulnerabilities, no avoidable time should be lost in alerting affected organisations. The DTC regularly experiences that this speed is important when alerting Dutch companies. Security.txt can help. By making contact information available through security.txt as an organisation, security researchers can immediately alert the right person or department. The DTC therefore recommends that every company publishes a security.txt file and keeps it up to date.

Internet.nl test on security.txt

The new test for security.txt in Internet.nl is intended as a tool for companies and other organisations. The test checks whether the security.txt file is present on the domain name and whether the information included has the correct format.

Gerben Klein Baltink, chair Internet Standards Platform: "Together with the DTC, we worked to ensure that Internet.nl now also tests for security.txt. By simply adding this standardised format to your web domain, it has become easier for "helping hackers" to find the right contacts if they find a vulnerability with you. I therefore warmly encourage organisations to publish a security.txt file and check via Internet.nl whether this has been done correctly. This is how we keep the Internet open, free and secure together!"

For now, the security.txt standard within Internet.nl has the recommended status. The results of the security.txt test do not yet weigh into the overall test result score. Later this year, the security.txt test will also be added to Internet.nl's API and dashboard. The Netherlands Standardisation Forum is currently reviewing whether the security.txt standard is suitable to become mandatory for the government via inclusion on the 'comply or explain' list.

Want to know more?

Does your company or organisation already have a security.txt file? Enter your website URL at Internet.nl and you'll know within seconds. Wondering how to easily create your own security.txt file? Then read more about security.txt (in Dutch) or visit securitytxt.org.

 

Veilig digitaal ondernemen

Het Digital Trust Center biedt ter ondersteuning van ondernemers een breed palet aan cybersecurity informatie en een gereedschapskist met cybertools. Door middel van de 5 Basisprincipes van Digitaal Veilig Ondernemen kan elk bedrijf of organisatie haar basis op orde brengen. Testen waar je staat? Doe de Basisscan Cyberweerbaarheid.
Ook werkt het DTC samen met diverse organisaties ter vergroting van de digitale weerbaarheid bij ondernemend Nederland. Hulpvraag? Check waar je terecht kunt via de wegwijzer cybersecurityinitiatieven.