hanno on Nostr: I am regularly surprised how many organizations fail with one of the most basic ...
I am regularly surprised how many organizations fail with one of the most basic things they can do about IT security: HAVE A SECURITY CONTACT.
If someone externally wants to tell you about a security issue, make it easy for them. There's a standard for it (security.txt), but even having any place on your webpage saying e.g. "if you found a security issue, please contact XYZ" is good enough.
Published at 2025-02-06 10:29:26 UTC