Add /.well-known/security.txt (RFC 9116) #180

New Issue

Open

opened 2026-05-14 17:31:18 +00:00 by chihlasm · 0 comments

chihlasm commented 2026-05-14 17:31:18 +00:00

Owner

Copy Link

Add a static security.txt served at /.well-known/security.txt per RFC 9116.

Fields

• Contact: mailto:security@resolutionflow.com (verify address exists / is monitored)
• Expires: rolling 12 months
• Preferred-Languages: en
• Canonical: https://resolutionflow.com/.well-known/security.txt

Why

Trivial change but signals seriousness to security-conscious buyers.

Acceptance

• Reachable at https://resolutionflow.com/.well-known/security.txt with Content-Type: text/plain
• security@resolutionflow.com is a real, monitored inbox before publishing
• A reminder/process exists to refresh Expires annually

Add a static `security.txt` served at `/.well-known/security.txt` per [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116). ## Fields - `Contact: mailto:security@resolutionflow.com` (verify address exists / is monitored) - `Expires:` rolling 12 months - `Preferred-Languages: en` - `Canonical: https://resolutionflow.com/.well-known/security.txt` ## Why Trivial change but signals seriousness to security-conscious buyers. ## Acceptance - Reachable at `https://resolutionflow.com/.well-known/security.txt` with `Content-Type: text/plain` - `security@resolutionflow.com` is a real, monitored inbox before publishing - A reminder/process exists to refresh `Expires` annually

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/production-hardening

feat/l1-ai-tree-builder-phase-2a

docs/phase-2a-plus-taxonomy

feat/billing-plan-taxonomy

feat/self-serve-signup-phase-2

fix/seed-test-users-verified

fix/e2e-test-selectors

fix/ci-pytest-xdist

feat/admin-panel-rework-prod

feat/network-map-builder-prod

docs/update-changelog

feat/cockpit-harness

pre-ai-handoff

Labels

Clear labels

10x-analysis

From 10x product analysis

backend

FastAPI/Python work

bug

Something isn't working

collaboration

Team sharing, escalation, notifications

database

PostgreSQL/schema changes

documentation

Documentation updates

duplicate

This issue or pull request already exists

enhancement

Improvement to existing feature

feature

New functionality

frontend

React work

good first issue

Good for newcomers

help wanted

Extra attention is needed

integration

PSA, external service integrations

intelligence

Analytics, AI, data-driven features

invalid

This doesn't seem right

priority: high

Do this soon

priority: low

Nice to have

priority: medium

Important but not urgent

question

Further information is requested

quick-win

Low effort, high value

strategic

Long-term strategic bet

ux

User experience improvements

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

chihlasm

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: chihlasm/resolutionflow#180