[1] The standard prescribes a text file named security.txt in the well known location, similar in syntax to robots.txt but intended to be machine- and human-readable, for those wishing to contact a website's owner about security issues.

[4] At that time it covered four directives, "Contact", "Encryption", "Disclosure" and "Acknowledgement".

[6][7] The Internet Engineering Steering Group (IESG) issued a Last Call for security.txt in December 2019 which ended on January 6, 2020.

[9] The study also noted a number of discrepancies between the standard and the content of the file.

In April 2022 the security.txt file has been accepted by Internet Engineering Task Force (IETF) as RFC 9116.