security.txt generator
Annex I Part II of the CRA requires a contact address for reporting vulnerabilities. RFC 9116's security.txt is the standard way researchers look for it. Cheapest compliance point you'll score all week.
/.well-known/security.txt
Contact: mailto:security@example.com
Expires: 2027-07-03T06:59:33Z
Preferred-Languages: en
Deploy it:
- Serve this file at https://yoursite.com/.well-known/security.txt.
- The Expires date is set one year out — renew it (calendar reminder now).
- Consider signing it with PGP (optional but appreciated by researchers).
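
To back up the calendar reminder, a check like the following can run in CI or a scheduled job and flag a missing Contact or an Expires date that has passed or is close. It is an added example, not part of the generator; the function names and the 30-day renewal window are assumptions, and the sample is the file shown above.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the generated file shown on this page.
SAMPLE = """\
Contact: mailto:security@example.com
Expires: 2027-07-03T06:59:33Z
Preferred-Languages: en
"""

def parse_fields(text):
    """Return {lowercased field name: [values]}, skipping comments, blanks and non-field lines."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:  # field names are case-insensitive; unknown fields are kept but ignored
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None, renew_within_days=30):
    """Return a list of problems; an empty list means the file passes these checks."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(text)
    problems = []
    if not fields.get("contact"):
        problems.append("missing Contact field")
    if len(fields.get("preferred-languages", [])) > 1:
        problems.append("Preferred-Languages must appear at most once")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        return problems + [f"Expires must appear exactly once, found {len(expires)}"]
    try:  # fromisoformat() before Python 3.11 rejects a trailing "Z"
        when = datetime.fromisoformat(expires[0].upper().replace("Z", "+00:00"))
    except ValueError:
        return problems + [f"Expires is not a valid timestamp: {expires[0]!r}"]
    if when.tzinfo is None:
        problems.append("Expires has no timezone offset")
    elif when <= now:
        problems.append("Expires is in the past; the file is stale")
    elif when - now <= timedelta(days=renew_within_days):
        problems.append(f"Expires within {renew_within_days} days; renew now")
    return problems

if __name__ == "__main__":
    for problem in check_security_txt(SAMPLE):
        print("WARN:", problem)
```

In a pipeline, feed it the body fetched from the deployed /.well-known/security.txt URL and fail the job when the returned list is not empty.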