Deploying security.txt: how Cloudflare’s security team builds on Workers

Cloudflare's security team has adopted a "builder first mindset" for new projects, using their own products and services wherever possible. They have launched support for the security.txt initiative through their serverless platform, Workers, to provide a common location for security researchers to learn about communication with their team. The Workers platform allows applications to be deployed on Cloudflare's edge network, providing high performance and reliability without requiring maintenance of servers or software stacks. This has enabled the development of various security projects, such as secure code review, CSP nonces and HTML rewriting, and authentication for legacy applications. The team also implemented support for security.txt on their website using Workers, automating deployment and updates while ensuring version control and easy maintenance. They have open-sourced the Worker itself to help others achieve similar security wins with the platform.