On Wed, Dec 11, 2019 at 09:32:56PM +0100, Stephane Bortzmeyer <bortzmeyer@xxxxxx> wrote a message of 67 lines which said: > My own experience is that there is not a perfect solution: we use > whois, DNS SOA, personal contacts, official organisations like ANSSI > in France, and sometimes rants on Twitter. For the record, security.txt is mentioned in some national regulations. The US one was already referenced here, but this is also used in France : https://www.legifrance.gouv.fr/eli/arrete/2018/9/18/ECOP1825228A/jo/texte Requirments for public procurement on cybersecurity .... For the notifications to be real and efficient, standard agreements on cybersecurity must be used (security.txt, ABUSE@). -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
