I’ve just started putting security.txt files on my various sites. This is a place to list security researchers who have helped keep my sites more secure.


  • Thanks to Adrian Tirado Garcia for pointing out that my Exhibition site was allowing public directory listing, including letting everyone see my Capistrano configuration…
  • Thanks to Parth Narula for pointing out that I still had the default Apache page configured.


  • Thanks to Gaurang Maheta for scanning the site and making several observations that have helped me lock things down a bit more securely.