RFC 9116 · INFORMATIONAL · 2022

A File Format to Aid in Security Vulnerability Disclosure

Overview

RFC 9116, “A File Format to Aid in Security Vulnerability Disclosure”, is an Informational document published in April 2022 by E. Foudil and Y. Shafranovich. The canonical text is published by the RFC Editor.

Abstract

When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsable format ("security.txt") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.

Abstract as published in the RFC, via rfc-editor.org.

What “Informational” means

An Informational RFC is published for the general information of the community. It does not define an IETF standard and carries no standards-track status.

Read this RFC

The canonical text of RFC 9116 is hosted at rfc-editor.org. It is available in HTML, TXT, PDF, and XML.
