%% You should probably cite rfc9116 instead of this I-D. @techreport{foudil-securitytxt-12, number = {draft-foudil-securitytxt-12}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-foudil-securitytxt/12/}, author = {Edwin Foudil and Yakov Shafranovich}, title = {{A File Format to Aid in Security Vulnerability Disclosure}}, pagetotal = 21, year = 2021, month = may, day = 24, abstract = {When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a machine-parsable format ("security.txt") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.}, }