I’ve just started putting security.txt files on my various sites. This is a place to list security researchers who have helped keep my sites more secure. Please note the advice in my Security Policy page, especially if you’re wondering why I’m not replying to you.

2024

• Thanks to Adrian Tirado Garcia for pointing out that my Exhibition site was allowing public directory listing, including letting everyone see my Capistrano configuration…
• Thanks to Parth Narula for pointing out that I still had the default Apache page configured.
• Thanks to KAVINKUMAR for noticing the lack of iframe origin policy on this WordPress install.
• Thanks to AKHIL C.D. for noticing the lack of iframe origin policy on the One Mile Matt site.
• Thanks again to AKHIL C.D. for noticing an open redirection issue.
• Thanks to Shubham Sanjay Deshmukh for recommending some newer security headers.

2023

• Thanks to Gaurang Maheta for scanning the site and making several observations that have helped me lock things down a bit more securely.