The security.txt file is a proposed standard location of a document describing 

instructions on how users should report a security vulnerability.

GitHub links to this file, under the "Policy" link on the "Security" tab of your repository.

We are currently in the process of implementing a community-centric security policy for WildFly which could serve as an umbrella for included projects. Until then we propose individual projects to direct reports to secalert@redhat.com such as:

1. Security Policy 

1. 1. Security Contacts and Procedures

<PROJECT_NAME> community takes security very seriously, and we aim to take immediate action to address serious security-related problems that involve our products or services.

Please report any suspected security vulnerability in this project to Red Hat Product Security at secalert@redhat.com. You can use our GPG key to communicate with us securely.

To report an issue in any Red Hat branded website or online service, please contact Red Hat Information Security at site-security@redhat.com.

https://access.redhat.com/security/team/contact

Activity

Create/update/verify SECURITY.md in the root of the repository, ensure it’s picked up by GitHub on the “Security” tab. Update the spreadsheet with the status.

link to document: https://docs.google.com/document/d/1dbOk4eorV4LQGNrhNVB1bLyiowGBkhdf5o3bLNEfVJY