This repo contains ways to signpost to the central vulnerability reporting service (VRS) for use by UK government organisations.
The central security.txt file is available here:
https://vulnerability-reporting.service.security.gov.uk/.well-known/security.txt
where it is maintained and generated at: https://github.com/co-cddo/gc3-vuln-reporting-iac
There are several ways to implement a signpost:
- 001-http-redirect: 302 redirect
- 002-faas-edge-code: FaaS (Cloudflare or AWS CloudFront) 302 redirect
- 003-html-redirect: HTML meta tag
- 004-dnssecuritytxt: DNS TXT records
If you need any support or have any queries, you can email: vm@gc3.security.gov.uk