What is security.txt?
It is a way for organizations to communicate information about their security disclosure practices and ways to contact them. The information within can be used by security researchers and others to report security issues.
The file is placed in /.well-known/security.txt or /security.txt.
It is not a replacement for a responsible disclosure policy although it provides an easy way to find security contacts and how to disclose safely.