diff --git a/.well-known/security.txt b/.well-known/security.txt new file mode 100644 index 0000000000..e26d5fe414 --- /dev/null +++ b/.well-known/security.txt @@ -0,0 +1,9 @@ +# Our security address +Contact: mailto:security@example.com + +# Our PGP key +Encryption: https://example.com/pgp-key.txt + +# Our security policy +Policy: https://example.com/security-policy.html + diff --git a/dist/doc/usage.md b/dist/doc/usage.md index ca7f85e13a..f11c1d7de8 100644 --- a/dist/doc/usage.md +++ b/dist/doc/usage.md @@ -40,6 +40,8 @@ A basic HTML5 Boilerplate site initially looks something like this: │ └── vendor │ ├── jquery.min.js │ └── modernizr.min.js +├── .well-known +│ └── security.txt ├── .editorconfig ├── .htaccess ├── 404.html @@ -121,6 +123,16 @@ technology powering it. Edit this file to include any pages you need hidden from search engines. +### .well-known + +RFC5785 [https://tools.ietf.org/html/rfc5785](https://tools.ietf.org/html/rfc5785) defines '.well-known' as a unique location for content discovery. It contains one file - security.txt. + +### security.txt + +When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. Security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely. + +This template file should be updated per-site. + ### Icons Replace the default `favicon.ico`, `tile.png`, `tile-wide.png` and Apple diff --git a/src/doc/usage.md b/src/doc/usage.md index ca7f85e13a..f11c1d7de8 100644 --- a/src/doc/usage.md +++ b/src/doc/usage.md @@ -40,6 +40,8 @@ A basic HTML5 Boilerplate site initially looks something like this: │ └── vendor │ ├── jquery.min.js │ └── modernizr.min.js +├── .well-known +│ └── security.txt ├── .editorconfig ├── .htaccess ├── 404.html 
@@ -121,6 +123,16 @@ technology powering it. Edit this file to include any pages you need hidden from search engines. +### .well-known + +RFC5785 [https://tools.ietf.org/html/rfc5785](https://tools.ietf.org/html/rfc5785) defines '.well-known' as a unique location for content discovery. It contains one file - security.txt. + +### security.txt + +When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. Security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely. + +This template file should be updated per-site. + ### Icons Replace the default `favicon.ico`, `tile.png`, `tile-wide.png` and Apple
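Review bot: the new `.well-known/security.txt` hunk omits an `Expires:` field, which the security.txt specification (RFC 9116) makes mandatory, so a site that deploys this template unedited serves a file that conforming tooling will treat as invalid or stale. Add a placeholder line such as `Expires: 2099-12-31T23:59:59.000Z` under its own comment, and make the `example.com` placeholders harder to ship by accident, e.g. open the file with `# Replace every example.com value below before deploying` so the "should be updated per-site" instruction in usage.md is visible in the file itself. The three URLs are already HTTPS, which the spec requires for `Encryption` and `Policy`; keep that when the values are changed.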
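Review bot: in the directory-tree hunk of `dist/doc/usage.md`, the new `.well-known` entry is inserted before `.editorconfig` and `.htaccess`, which breaks the alphabetical order the rest of the dotfile group follows; it belongs after `.htaccess`. Since the tree also shows the shipped `.htaccess`, the reviewer should confirm that its hidden-file rules do not deny requests for `/.well-known/security.txt`, otherwise the file is present on disk but never reachable at the location the spec requires.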
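Review bot: the `### .well-known` section in `dist/doc/usage.md` cites RFC 5785, which has been obsoleted by RFC 8615; update the reference and use link text rather than the bare URL (`[RFC 8615](https://tools.ietf.org/html/rfc8615)`), and say "the boilerplate ships one file, `security.txt`" instead of "It contains one file", since sites add their own well-known resources there. The `### security.txt` section explains the motivation but never links the specification that defines the field syntax; add a pointer to it and state which fields must be changed per site (`Contact`, `Encryption`, `Policy`) so "This template file should be updated per-site" is actionable.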
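Review bot: the `src/doc/usage.md` hunks are byte-for-byte the same change as `dist/doc/usage.md`, and both file headers carry the identical index line `ca7f85e13a..f11c1d7de8`, which suggests `dist/` is a build copy of `src/`. If so, the `dist/` changes should be produced by the build rather than committed by hand, or the two copies will drift; if `dist/` is intentionally tracked, the commit message should say so.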