Details
Description
Should the FHIR core specification encourage servers to publish the well-known security.txt file to enable vulnerability reporting? https://securitytxt.org/
I want community feedback on this possible recommendation we could make to servers and product implementers. It seems easy, but I want community feedback to understand if there are other alternatives they currently do that we should consider.
Another alternative uses DNS -- https://dnssecuritytxt.org/
See chat discussion and poll: https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy/topic/well-known.20security.2Etxt