Security.txt Guidance

This section provides detailed guidance on implementing the security.txt standard for your organization.

Porsche Holding recommended security.txt

Our Porsche Holding default security.txt file that can be used as-is in case no customization is needed

• Porsche Holding - Default security.txt

Porsche Holding Custom security.txt

In case you prefer to use a customized security.txt file, please consider the following information:

• Custom security.txt - implementation guide

Best Practices

1. Keep it simple - Include only what's necessary
2. Update regularly - Set calendar reminders for the expiration date
3. Validate your file - Use the official validator
4. Test accessibility - Make sure it's accessible at .well-known/security.txt
5. Respond promptly - A security.txt file creates an expectation of response

Resources

• RFC 9116 - The official security.txt specification
• Validator - Tool to validate your particular security.txt file