Security.txt is a proposed standard way for website owners to provide security-related information (e.g. how to report vulnerabilities) to security researchers and other third parties.
It is similar in concept, and in format, to robots.txt.
To use it, the website administrator creates a document at
/.well-known/security.txt. The full URL would be something like
"/.well-known/" component of the URL is from RFC 5785.)