From 36b5242ee3c8b8eae88b9c9ebcdd2820b7f74a18 Mon Sep 17 00:00:00 2001 From: Runar Ask Johannessen Date: Mon, 27 Nov 2023 13:50:03 +0100 Subject: [PATCH] add contributing.md and security.md --- CONTRIBUTING.md | 28 ++++++++++++++++++++++++++++ README.md | 1 + SECURITY.md | 18 ++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..3f65b73e --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,28 @@ +# How to contribute to this repo + +We love your input! We want to make contributing to this project as easy and transparent as possible, whether it's: + +- Reporting a bug +- Proposing new features +- Discussing the current state of the code +- Submitting a fix + +This is how you should do it: + +Use our [issue list](../../issues) to report a **bug** or **propose a new feature**, including + +### Reporting a **bug report** +- A quick summary and/or background +- Steps to reproduce +- What actually happens + +### Adding a **feature request** +- Brief description of the feature +- What problem/issue will this solve +- A sort of Definition of Done - "How should it look when finished" + +### When submitting a fix using a Pull Request (PR) +- Fork this repository from GitHub +- After you have made the changes, create a pull request (PR) + +We will review the pull request and if it is appropriate and there are no clashes or vulnerabilities, it will be merged to the main code. \ No newline at end of file diff --git a/README.md b/README.md index eb80de1b..a2d83a4e 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ # fmu-sumo This package is intended for interaction with Sumo within the FMU (Fast Model Update(TM)) ecosystem. +Want to contribute? Read our [contributing](./CONTRIBUTING.md) guidelines ## Explorer diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..ef9aa6fc --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,18 @@ +# Security + +If you discover a security vulnerability in this project, please follow these steps to responsibly disclose it: + +1. **Do not** create a public GitHub issue for the vulnerability. +2. Follow our guideline for Responsible Disclosure Policy at [https://www.equinor.com/about-us/csirt](https://www.equinor.com/about-us/csirt) to report the issue + +The following information will help us triage your report more quickly: + +- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + +We prefer all communications to be in English. \ No newline at end of file
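Review bot: CONTRIBUTING.md sends every bug to the public issue list and every fix to a public pull request, with no exception for security problems, which conflicts with step 1 of the SECURITY.md added in this same patch. Add a line next to "Use our [issue list](../../issues) to report a **bug**" stating that vulnerabilities are not reported there, with a link to ./SECURITY.md. Smaller points in the same file: the sentence introducing the issue list ends on a dangling "including", the heading "Reporting a **bug report**" is redundant, the bug list has "What actually happens" but nothing for the expected behaviour, and the file has no newline at end of file.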
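Review bot: In the README.md hunk the added line links only CONTRIBUTING.md, so the new SECURITY.md is not reachable from the README. Consider extending the line with something like "Found a security issue? See [SECURITY.md](./SECURITY.md)." and ending the existing sentence with a period.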
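Review bot: SECURITY.md asks for "Proof-of-concept or exploit code" in the triage list, but only step 1 restricts where a report goes and step 2 just links an external page. State explicitly that all of the listed details, including any proof-of-concept, are sent only through the CSIRT channel and are never attached to an issue or pull request. Step 2 would also read better as "Follow our Responsible Disclosure Policy at ..." with a closing period, and the file has no newline at end of file.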