@bagder IANA just published a new field for the security.txt (RFC 9116) format: "Bug-Bounty: True/False".

The @RIOT_OS team is receiving an increased amount of presumably LLM-generated bogus vuln reports (though nowhere near curl levels). And since we deployed a security.txt, scrapers started sending emails inquiring about our bug bounty programs.

I was hoping that if that field gets some visibility, scrapers might filter for that before spamming the security inboxes.

https://www.iana.org/assignments/security-txt-fields/security-txt-fields.xhtml
