CRAdarCheck

security.txt generator

Annex I Part II of the CRA requires a contact address for reporting vulnerabilities. A security.txt file, as defined in RFC 9116, is the standard place researchers look for it. Cheapest compliance point you'll score all week.

/.well-known/security.txt
Contact: mailto:security@example.com
Expires: 2027-07-03T06:59:33Z
Preferred-Languages: en

Deploy it:

  1. Serve this file at https://yoursite.com/.well-known/security.txt.
  2. The Expires date is set one year out. Renew the file before then (set a calendar reminder now).
  3. Consider signing it with PGP (optional but appreciated by researchers).
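
To back the calendar reminder with an automated check, the sketch below validates the body of a deployed security.txt against the RFC 9116 rules that matter here: Contact present, exactly one Expires, and an expiry that is neither past nor close. It is an added example, not part of the CRAdarCheck generator; the function names and the 30-day renewal window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# The file generated on this page, embedded so the check runs offline.
SAMPLE = (
    "Contact: mailto:security@example.com\n"
    "Expires: 2027-07-03T06:59:33Z\n"
    "Preferred-Languages: en\n"
)

def parse_fields(text):
    """Collect 'Name: value' lines; field names are case-insensitive."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # armored signature follows; it holds no fields
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, comment, or a line that is not a field
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None, renew_days=30):
    """Return a list of problems; empty means OK. renew_days is an assumed window."""
    now = now or datetime.now(timezone.utc)
    fields, problems = parse_fields(text), []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("missing Contact")
    if any(c.lower().startswith("http://") for c in contacts):
        problems.append("Contact web URI must use https")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        return problems + ["Expires must appear exactly once"]
    try:
        exp = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
        if exp.tzinfo is None:
            raise ValueError("timestamp has no UTC offset")
    except ValueError:
        return problems + ["Expires is not an RFC 3339 timestamp"]
    if exp <= now:
        problems.append("expired")
    elif exp - now <= timedelta(days=renew_days):
        problems.append("renew soon")
    elif exp - now > timedelta(days=366):
        problems.append("Expires is more than a year out")
    return problems

if __name__ == "__main__":
    print(check_security_txt(SAMPLE) or "OK")
```

Feed it the body fetched from your own /.well-known/security.txt in a scheduled job and alert on any non-empty result.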