Merge pull request #13 from equinor/equinor-updates

Equinor updates
equinor · Nov 27, 2024 · ba114ed · ba114ed
2 parents f7d8658 + b9662b0
commit ba114ed
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 0 deletions.
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,57 @@
+# How we work - Open, Collaborative, Courageous, Caring
+
+In Equinor, [how we deliver is as important as what we
+deliver](https://www.equinor.com/en/careers/our-culture.html).
+
+As a values-based organization, our [code of conduct for open source projects](https://github.com/equinor/opensource/blob/master/CODE_OF_CONDUCT.md) is
+simply a reflection of our values and how we live up to these as teams as well
+as individuals.
+
+This set the expectations for how we collaborate in our open source projects,
+and applies to all community members and participants in any Equinor maintained
+project.
+
+In addition to any definition or interpretation of the open source code of
+conduct, the company wide [Equinor code of conduct](https://www.equinor.com/content/dam/statoil/documents/ethics/equinor-code-of-conduct.pdf)
+always applies to all employees and hired contractors.
+
+## Handling issues within the communities
+
+We expect all to have a low threshold for raising issues, or in general discuss
+how we live up to our
+[values](https://www.equinor.com/en/about-us.html#our-values). Equally, we also
+encourage all community members to appreciate when concerns are raised, and make
+its best effort in solving them.
+
+As well as responsibility for what is delivered the project maintainers are also
+responsible creating an environment for proper handling of issues raised within
+the communities.
+
+## Call out for assistance
+
+For any problem not directly resolvable within the community, we encourage you
+to call out for assistance. Getting an outsiders perspective on the topic might
+be just what is needed for you to proceed.
+
+Send an e-mail to opensource_at_equinor.com and invite for a discussion. The
+email will be handled by a team within the Equinor organization.
+
+Your request will be kept confidential from the team or community in question,
+unless you chose to disclose it yourself.
+
+## Ethics helpline
+
+In Equinor, we want you to speak up whenever you see unethical behaviour that
+conflicts with our values or threatens our reputation.
+
+To underline this, we continuously encourage and remind our employees and any
+external third parties interacting with us to raise concerns or report any
+suspected or potential breaches of law or company policies.
+
+For any questions or issues that one suspect falls outside the scope of
+behaviour regulated, and handled within the open source code of conduct, or you
+wish to place an anonymous, confidential report we encourage to use the [Equinor
+Ethics
+helpline](https://secure.ethicspoint.eu/domain/media/en/gui/102166/index.html).
+
+This helpline is hosted by a third party helpline provider.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,16 @@
+If you discover a security vulnerability in this project, please follow these steps to responsibly disclose it:
+
+1. **Do not** create a public GitHub issue for the vulnerability.
+2. Follow our guideline for Responsible Disclosure Policy at [https://www.equinor.com/about-us/csirt](https://www.equinor.com/about-us/csirt) to report the issue
+
+The following information will help us triage your report more quickly:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+We prefer all communications to be in English.