securitytxt.org VS countwords

You might consider setting up security.txt notifications, per RFC 9116, to funnel people into the right notification paths. Otherwise, they might try spamming random emails they find or can guess at. I've had external researchers contact our CTO and CEO directly, creating a new problem for me.

Check if they have a security.txt, if they do not, check their /security. If both come up empty, use any contact form that they have available.

In addition to the Bug bounty programs already posted in the comments, I'd suggest you create a security.txt with a dedicated security contact.

Does the website have a responsible disclosure page or a security.txt?

there's technically https://securitytxt.org as well; but sadly it's not in super duper wide deployment (some big places have it, though!)

Especially in the area you guys are operating in, I think it would be great if you could implement RFC 9116 (https://securitytxt.org/). If someone finds a vulnerability on your website, the client or even the SPN, this would make communication or a responsible disclosure process much easier. Furthermore, it would be great if the possibility for secure communication with your staff (e.g. using GPG) would be possible.

When do companies finally start adopting the `security.txt` proposal (see https://securitytxt.org).

Would have made a big difference!

"dang, I didn't know that was 50x faster than the idiomatic way" or "hey, I didn't know that this implementation in the stdlib prioritized this over that and made this so slow, that's interesting" -- .e.g, there's some kinda neat language details to be found in something like Ben Hoyt's community word count benchmarks repo and 'simple' vs 'optimal' code: https://github.com/benhoyt/countwords

It benchmarks programs that count the total number of unique words in some input. It's not exactly equivalent to your problem, but it's similarish. All of the programs used some kind of hash map for lookups, but I contributed a program that used a trie. Its performance in my experience varies depending on the CPU interestingly enough. On my old CPU (i7-6900K) it was a little slower, but on my new cpu (i9-12900KS) it was faster.

Why not read the source code? :-)

I wrote comments explaining things: https://github.com/benhoyt/countwords/blob/8553c8f600c40a462...

My own code example of a drastic speed up (~25%) simply replacing a couple of for loops with iters: https://github.com/benhoyt/countwords/pull/115

And yet Go was faster than Rust in a simple app that count words: https://benhoyt.com/writings/count-words/

> but the performance profiles & characteristics that we must know about in order to make a choice on which tool to use. And it shouldn't be that each user has to figure it out on their own, dig into PR's or whatever.

That's an interesting take – I like the idea of a catalog of standard tasks with implementations in several languages as well as their performance characteristics. I suppose Rosetta Code gets the ball rolling with this, but it's missing some performance metrics. It reminds me of [Ben Hoyt's piece](https://benhoyt.com/writings/count-words/) on counting unique words in the KJV Bible in different languages.

This article shows that map lookups can be optimized by using the (unintuitive) pattern: