Similar to robots.txt and humans.txt, a recent addition is the security.txt file. It is currently a draft proposal that provides a standardized way to define security policies for researchers, which is useful for bug bounty and disclosure programs. Government agencies were tasked with adding these back in 2019, but COVID-19 likely delayed implementation and rollout.
The file is usually placed at /.well-known/security.txt, but it can also sit directly in the root at /security.txt. Personally, I put mine in /.well-known/ and put a redirect at the root to simplify maintenance.
For additional security, you can optionally sign the policy with PGP.
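A minimal checker for the file described above, as an added example that is not from the original post: it parses a plain or PGP cleartext-signed security.txt and flags a missing contact or a stale expiry. The Contact and Expires field names come from the security.txt specification rather than this page, the sample file is constructed, and the signature wrapper is only detected, not verified.

```python
from datetime import datetime, timezone
# Constructed sample: a cleartext-signed security.txt (signature body is a placeholder).
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Our security policy
Contact: mailto:security@example.com
Contact: https://example.com/report
Expires: 2020-01-01T00:00:00Z
-----BEGIN PGP SIGNATURE-----
PLACEHOLDER
-----END PGP SIGNATURE-----
"""

def parse_security_txt(text):
    """Return (signed, fields); fields maps lowercased names to value lists."""
    lines = text.splitlines()
    signed = bool(lines) and lines[0].strip() == "-----BEGIN PGP SIGNED MESSAGE-----"
    if signed:
        # Skip armor headers (e.g. "Hash:") up to the first blank line.
        start = lines.index("") + 1 if "" in lines else len(lines)
        body = []
        for line in lines[start:]:
            if line.strip() == "-----BEGIN PGP SIGNATURE-----":
                break
            # Undo OpenPGP dash-escaping ("- " prefix on lines starting with "-").
            body.append(line[2:] if line.startswith("- ") else line)
        lines = body
    fields = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return signed, fields

def find_problems(fields, now=None):
    """List issues a maintainer should fix: missing contact, missing or stale expiry."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if not fields.get("contact"):
        problems.append("no Contact field")
    expires = fields.get("expires")
    if not expires:
        problems.append("no Expires field")
    elif datetime.fromisoformat(expires[0].replace("Z", "+00:00")) < now:
        problems.append("Expires date is in the past")
    return problems
```

To trust a signed file, verify the signature with a PGP tool against the publisher's key before relying on the parsed fields.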
I did some searching around the web and found some examples (linked below):
File in the root path:
File in the preferred /.well-known path:
Some PGP signed examples:
Questionable, though since the files are meant to be read by humans, this would meet the simplest use case: