📋 Companies without security.txt

These domains have no security.txt file (RFC 9116), indicating they lack a formal vulnerability disclosure policy.

Companies affected: 35
Total scanned: 2378
Prevalence: 1%

| Domain | Score | Tier | Status |
|---|---|---|---|
| | 38/100 | Fail | Not found |
| | 38/100 | Fail | Not found |
| | 55/100 | Fail | Not found |
| | 62/100 | Conditional | Not found |
| | 62/100 | Conditional | Not found |

+30 more companies
This dataset is available on request. Leave your work email and we'll send you the full list within 24 hours.

Which companies don't have a security.txt file?

security.txt (RFC 9116) is the internet standard for publishing vulnerability disclosure policies. It tells security researchers how to report vulnerabilities, who to contact, and what encryption to use. Companies with a valid security.txt signal a mature security program — they're more likely to have SOC 2 certification, bug bounty programs, and dedicated security teams. Its absence is a red flag in vendor security assessments.

LynxRadar scanned 2378 domains, including Fortune 500 companies and Y Combinator startups. Of those, 35 (1%) had no security.txt file. The data above is updated continuously as new domains are scanned. Scan any domain to check its status.

Frequently Asked Questions

What is security.txt?
security.txt is an RFC 9116 standard file published at /.well-known/security.txt that tells security researchers how to report vulnerabilities to a company. It includes contact information, encryption keys, and disclosure policies.

Does having security.txt mean a company is SOC 2 certified?
Not directly, but security.txt is a strong signal of security maturity. Companies that publish it are significantly more likely to have formal security certifications, incident response processes, and bug bounty programs.

How many companies have security.txt?
In LynxRadar's scan of 2378 domains, 35 (1%) were found without a security.txt file, meaning they lack a standard vulnerability disclosure policy.