security.txt is an attempt to create a standard, in the spirit of robots.txt, for a file that tells a reader how to contact a web service's operators to report potential security risks.
When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to properly disclose them. As a result, security issues may be left unreported. Security.txt defines a standard to help organizations define the process for security researchers to securely disclose security vulnerabilities.
Under the current draft of the standard, the file would be served under the site's domain name and would look something like this:
<CODE BEGINS>
# Our security address
Contact: [email protected]
Encryption: https://example.com/pgp-key.txt
Disclosure: Full
<CODE ENDS>
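To show what a consumer or a site owner's pre-publication check of such a file looks like, here is a small parser and validator for the draft shape shown above (Contact, Encryption, Disclosure fields, "#" comments). This is an added example written for this page; it is not code from the draft or from any reference implementation. The embedded sample file is constructed, with a placeholder address and key URL on the reserved example.com domain, and the checks (Contact mandatory, Encryption must be an https URL, Disclosure present) are this example's own rules derived from the field meanings; the page does not list the permitted Disclosure values, so only presence is checked for that field.

```python
"""Minimal parser/validator for a security.txt file in the draft form shown
on the page (Contact / Encryption / Disclosure fields).  Added example, not
part of the draft or any reference implementation."""
import re
from urllib.parse import urlparse

# Constructed sample: mirrors the shape of the page's example; the address
# and URL are placeholders on the reserved example.com domain.
SAMPLE_SECURITY_TXT = """\
# Our security address
Contact: security@example.com
Encryption: https://example.com/pgp-key.txt
Disclosure: Full
"""

# A field line is "Name: value"; the name is letters and hyphens only, so the
# ':' inside an https URL in the value part is never mistaken for a separator.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.+?)\s*$")


def parse_security_txt(text):
    """Return a dict mapping field name -> list of values.

    Blank lines and '#' comments are skipped.  Field names are normalised
    to capitalised form so 'contact:' and 'Contact:' collapse to one key.
    A field may repeat (e.g. several Contact lines), so values are lists.
    Any other non-empty line is a syntax error and raises ValueError.
    """
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a 'Field: value' line: {raw!r}")
        name = m.group(1).capitalize()  # "contact" -> "Contact"
        fields.setdefault(name, []).append(m.group(2))
    return fields


def validate(fields):
    """Return a list of problems worth flagging before publishing; [] if OK.

    Rules (this example's own, derived from the field meanings on the page):
    - Contact is mandatory and should be an email address or https URL.
    - Encryption must be an https URL: a PGP key fetched over plain http
      could be replaced in transit, defeating the point of the field.
    - Disclosure should be present so a researcher can read the policy.
      Allowed values are not given on the page, so only presence is checked.
    """
    problems = []
    contacts = fields.get("Contact", [])
    if not contacts:
        problems.append("missing mandatory Contact field")
    for c in contacts:
        if not (c.startswith("mailto:") or c.startswith("https://") or "@" in c):
            problems.append(f"Contact value is not an email address or https URL: {c}")
    for url in fields.get("Encryption", []):
        u = urlparse(url)
        if u.scheme != "https" or not u.netloc:
            problems.append(f"Encryption must be an https URL: {url}")
    if "Disclosure" not in fields:
        problems.append("no Disclosure field; the disclosure policy is not stated")
    return problems


def check_text(text):
    """Parse and validate in one step; returns the list of problems."""
    return validate(parse_security_txt(text))


if __name__ == "__main__":
    print(parse_security_txt(SAMPLE_SECURITY_TXT))
    print(check_text(SAMPLE_SECURITY_TXT) or "OK")
```

Run it as-is to see the parsed fields of the constructed sample and an "OK" verdict; feed it a file whose Encryption line uses plain http, or which lacks a Contact line, and the returned list names each problem so the file can be fixed before it goes live.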