Security.txt: The text file that could save the world

Keywords:

Vulnerability disclosure, Disclosure policy, Vulnerability management

Abstract

This article discusses the importance of the security.txt file as a clear way for an organization to publicize its contact channels for receiving information about vulnerabilities in its exposed services and applications. It also discusses how organizations mature in their vulnerability management processes.

Author Biography

Rodrigo López Lio, Universidad Nacional Scalabrini Ortiz, Argentina.

He is a graduate of CAECE in Information Security (2015) and holds a postgraduate degree in Strategic Intelligence Analysis (2016) from the Instituto de Inteligencia de las Fuerzas Armadas. He has experience in information security, investigations, and incident response teams, and is a university lecturer in cybersecurity subjects.

Published

2026-03-12

How to Cite

López Lio, R. (2026). Security.txt: The text file that could save the world. InFo-Cyber. Journal of Cybersecurity and Digital Forensics, 1(1), 57–60. Retrieved from https://revistas.ufasta.edu.ar/index.php/InFoCyber/article/view/275

Section

Reflection articles