From 8970c62960621dcf9b0d2989134a6f6da1e5f42b Mon Sep 17 00:00:00 2001 From: dawad Date: Wed, 27 Nov 2024 11:13:19 +0100 Subject: [PATCH 1/2] Apply Equinor's open-source Code of Conduct --- CODE_OF_CONDUCT.md | 57 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..d1cd3b8 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,57 @@ +# How we work - Open, Collaborative, Courageous, Caring + +In Equinor, [how we deliver is as important as what we +deliver](https://www.equinor.com/en/careers/our-culture.html). + +As a values-based organization, our [code of conduct for open source projects](https://github.com/equinor/opensource/blob/master/CODE_OF_CONDUCT.md) is +simply a reflection of our values and how we live up to these as teams as well +as individuals. + +This set the expectations for how we collaborate in our open source projects, +and applies to all community members and participants in any Equinor maintained +project. + +In addition to any definition or interpretation of the open source code of +conduct, the company wide [Equinor code of conduct](https://www.equinor.com/content/dam/statoil/documents/ethics/equinor-code-of-conduct.pdf) +always applies to all employees and hired contractors. + +## Handling issues within the communities + +We expect all to have a low threshold for raising issues, or in general discuss +how we live up to our +[values](https://www.equinor.com/en/about-us.html#our-values). Equally, we also +encourage all community members to appreciate when concerns are raised, and make +its best effort in solving them. + +As well as responsibility for what is delivered the project maintainers are also +responsible creating an environment for proper handling of issues raised within +the communities. + +## Call out for assistance + +For any problem not directly resolvable within the community, we encourage you +to call out for assistance. Getting an outsiders perspective on the topic might +be just what is needed for you to proceed. + +Send an e-mail to opensource_at_equinor.com and invite for a discussion. The +email will be handled by a team within the Equinor organization. + +Your request will be kept confidential from the team or community in question, +unless you chose to disclose it yourself. 
+ +## Ethics helpline + +In Equinor, we want you to speak up whenever you see unethical behaviour that +conflicts with our values or threatens our reputation. + +To underline this, we continuously encourage and remind our employees and any +external third parties interacting with us to raise concerns or report any +suspected or potential breaches of law or company policies. + +For any questions or issues that one suspect falls outside the scope of +behaviour regulated, and handled within the open source code of conduct, or you +wish to place an anonymous, confidential report we encourage to use the [Equinor +Ethics +helpline](https://secure.ethicspoint.eu/domain/media/en/gui/102166/index.html). + +This helpline is hosted by a third party helpline provider. From b9662b0e619b50830e7354e7b64f04b3c8ddae3c Mon Sep 17 00:00:00 2001 From: dawad Date: Wed, 27 Nov 2024 11:16:13 +0100 Subject: [PATCH 2/2] Create SECURITY.md --- SECURITY.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..73c39d3 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,16 @@ +If you discover a security vulnerability in this project, please follow these steps to responsibly disclose it: + +1. **Do not** create a public GitHub issue for the vulnerability. +2. Follow our guideline for Responsible Disclosure Policy at [https://www.equinor.com/about-us/csirt](https://www.equinor.com/about-us/csirt) to report the issue + +The following information will help us triage your report more quickly: + +- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + +We prefer all communications to be in English. \ No newline at end of file
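
Review bot: In CODE_OF_CONDUCT.md (PATCH 1/2), under "Call out for assistance", the contact is written as `opensource_at_equinor.com`, which is not a deliverable address and cannot be clicked or copied as is. Either write the real address or state that `_at_` stands for `@`, since this is the confidential escalation channel the section depends on. The same hunk carries several wording slips that are worth fixing before it lands: "This set the expectations" (sets), "responsible creating an environment" (responsible for creating), "an outsiders perspective" (outsider's), "unless you chose to disclose it" (choose), "issues that one suspect falls outside" (suspects fall), and "we encourage to use" (we encourage you to use). The link to the upstream code of conduct also points at `blob/master`, so it will break if that branch is renamed; a permalink would be more stable.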
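
Review bot: In SECURITY.md (PATCH 2/2), step 2 is the only reporting path and it is an external link; the file itself names no contact, gives no indication of when a reporter can expect an acknowledgement, and does not say which versions or branches are in scope. The checklist also asks for "Proof-of-concept or exploit code (if possible)" without saying how that material should be sent privately, so a reporter who follows step 1 has no stated channel for it other than whatever the linked page offers. Consider adding one sentence on the expected response time and one on how to transmit sensitive attachments. Minor points: "Follow our guideline for Responsible Disclosure Policy at" reads better as "Follow our Responsible Disclosure Policy at", step 2 lacks a closing full stop, and the file ends without a trailing newline ("\ No newline at end of file").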