“Although security.txt is not yet an official Internet standard as approved by the Internet Engineering Task Force (IETF), its basic principles have so far been adopted by at least eight percent of the Fortune 100 companies. According to a review of the domain names for the latest Fortune 100 firms via gotsecuritytxt.com, those include Alphabet, Amazon, Facebook, HCA Healthcare, Kroger, Procter & Gamble, USAA and Walmart.”
A few weeks ago I realized OWASP has a top 10 for API security as well. The first version was published in 2019. There are enough differences in API security versus application security to warrant a separate list. However, that project is very light in terms of Docs: https://owasp.org/www-project-api-security/