Does Your Organization Have a Security.txt File?. A growing number of major companies are adopting “ Security.txt ,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences. The idea behind Security.txt is straightforward: The organization pl aces a file called security.txt in a predictable place — such as example.com/security.txt, or example.com/.well-known/security.txt. What’s in the security.txt file varies somewhat, but most include links to information about the entity’s vulnerability disc losure policies and a contact email address.