// disclosure tooling
security.txt & disclosure policy generator
Give researchers a clear way to report vulnerabilities. Generate a valid .well-known/security.txt (RFC 9116), a disclosure policy, and a triage email — instantly. Nothing is stored.
Frequently asked questions
What is security.txt?
A standard file (RFC 9116) at /.well-known/security.txt that tells security researchers how to report vulnerabilities to you — contact, policy, encryption key, and an expiry date.
Where do I put the file?
Host the generated text at https://yourdomain/.well-known/security.txt (plain text, served over HTTPS). Update it before the Expires date.
Is my input stored?
No. The files are generated on NeoShield from what you enter and are not stored or saved on our side.
Do I need a PGP key?
It is optional but recommended for sensitive reports — link to your public key with the Encryption field.