Dutch government organizations are required to use security.txt on their websites. According to an application or explanation standard, municipalities, provinces, and the national government must put up a document on the Internet explaining how ethical hackers can reach them.
According to the Digital Trust Center, the security.txt standard has now been upgraded to compliance or interpretation status of the Standardization Forum. This effectively means that it is mandatory for government agencies to implement security.txt on their websites unless administrators can provide a good reason not to. The Forum has already started consultations on this last year.
According to the Digital Trust Center, twenty percent of Dutch government websites contain a security.txt file. The Standardization Forum hopes to increase this share. The new policy applies to the websites of municipalities, governorates, government institutions and water boards. They don’t always have to upload their own file. They can also refer to the public security.txt file at the National Center for Cyber Security, which is responsible for the responsible disclosure policy of the entire Dutch government.
Security.txt has been an official RFC draft standard since last year. The standard describes a text file that website administrators can place in a centrally accessible location on their domain, which contains information about how they can be accessed by ethical hackers who have discovered the vulnerability. Last year, Tweaker spoke with the creator of the benchmark and wrote a background article about it.
The Digital Documentation Center has been calling for the implementation of the standard since last year. The DTC is part of the Ministry of Economic Affairs and mainly focuses on the Dutch business community. At the end of last year, Internet.nl actually added security.txt validation to its domain testing.
/i/2005804364.png?f=imagenormal)
