Update CONTRIBUTING.md (#14)

* Update CONTRIBUTING.md

* Update SECURITY.md

* Update README.md

Author: spavlusieva

CONTRIBUTING.md

@@ -2,39 +2,42 @@
 
 We welcome your contributions! There are multiple ways to contribute.
 
-## Issues
-For bugs or enhancement requests, please file a GitHub issue unless it's security related. 
-When filing a bug remember that the better written the bug is, the more likely it is to be fixed. 
-If you think you've found a security vulnerability, do not raise a GitHub issue and follow the 
-instructions on our [Security Policy](./SECURITY.md). 
+## Opening issues
 
-## Contributing Code
+For bugs or enhancement requests, please file a GitHub issue unless it's
+security related. When filing a bug remember that the better written the bug is,
+the more likely it is to be fixed. If you think you've found a security
+vulnerability, do not raise a GitHub issue and follow the instructions in our
+[security policy](./SECURITY.md).
 
-We welcome your code contributions. 
-To get started, you will need to sign the [Oracle Contributor 
-Agreement](https://www.oracle.com/technetwork/community/oca-486395.html) (OCA).
+## Contributing code
 
-For pull requests to be accepted, the bottom of your commit message must have the following line 
-using the name and e-mail address you used for the OCA.
+We welcome your code contributions. Before submitting code via a pull request,
+you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and
+your commits need to include the following line using the name and e-mail
+address you used to sign the OCA:
 
-```
+```text
 Signed-off-by: Your Name <you@example.org>
 ```
 
-This can be automatically added to pull requests by committing with:
+This can be automatically added to pull requests by committing with `--sign-off`
+or `-s`, e.g.
 
-```
+```text
 git commit --signoff
 ```
 
-Only pull requests from committers that can be verified as having signed the OCA can be accepted.
+Only pull requests from committers that can be verified as having signed the OCA
+can be accepted.
 
-### Pull request process
+## Pull request process
 
-1. Fork this repository.
-1. Create a branch in your fork to implement the changes. We recommend using the issue number as 
-part of your branch name, e.g. `1234-fixes`.
-1. Ensure that any documentation is updated with the changes.
+1. Ensure there is an issue created to track and discuss the fix or enhancement
+   you intend to submit.
+2. Fork this repository.
+3. Create a branch in your fork to implement the changes. We recommend using the issue number as 
+part of your branch name, e.g. `1234-fixes`.Ensure that any documentation is updated with the changes.
 1. Add a test for the new behaviour (or that exercises the bug if a bug fix).
 1. Submit the pull request. *Do not leave the pull request text blank*. 
 Explain exactly what your changes are meant to do and provide simple steps on how to validate your 
@@ -43,6 +46,10 @@ Ensure that you reference the issue you created as well.
 The PR name will be the name of the squashed commit to main.
 1. We will assign the pull request to be reviewed before it is merged.
 
-## Code of Conduct
-Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). 
-More specific guidelines are in the [Contributor Covenant Code of Conduct](./CODE_OF_CONDUCT.md)
+## Code of conduct
+
+Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
+like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
+
+[OCA]: https://oca.opensource.oracle.com
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/

README.md

@@ -250,6 +250,9 @@ accompanying research paper that has been shared on arXiv:
 * "[MACEst: The reliable and trustworthy Model Agnostic Confidence 
 Estimator](https://arxiv.org/abs/2109.01531). Rhys Green, Matthew Rowe, and Alberto Polleri. 2021."
 
+## Security
+
+Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process
 
 ## License
 Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.

SECURITY.md

@@ -1,30 +1,38 @@
-# Reporting Security Vulnerabilities
-Oracle values the independent security research community and believes that responsible disclosure 
-of security vulnerabilities helps us ensure the security and privacy of all our users.
-
-Please do NOT raise a GitHub Issue to report a security vulnerability. 
-If you believe you have found a security vulnerability, please submit a report to 
-[secalert\_us@oracle.com](mailto:secalert_us@oracle.com) preferably with a proof of concept. 
-We provide additional information on [how to report security vulnerabilities to 
-Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) 
-which includes public encryption keys for secure email.
-
-We ask that you do not use other channels or contact project contributors directly. 
-
-Non-vulnerability related security issues such as new great new ideas for security features are 
-welcome on GitHub Issues. 
-
-### Security Updates, Alerts and Bulletins
-Security updates will be released on a regular cadence. Many of our projects will typically release 
-security fixes in conjunction with the [Oracle Critical Patch 
-Update](https://www.oracle.com/security-alerts/) program. 
-Security updates are released on the Tuesday closest to the 17th day of January, April, July and 
-October. 
-A pre-release announcement will be published on the Thursday preceding each release. 
-Additional information, including past advisories, is available on our [Security 
-Alerts](https://www.oracle.com/security-alerts/) page.
-
-### Security-Related Information
-We will provide security related information such as a threat model, considerations for secure use, 
-or any known security issues in our documentation. Please note that labs and sample code are 
-intended to demonstrate a concept and may not be sufficiently hardened for production use.
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+[Oracle Critical Patch Update][3] program. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:secalert_us@oracle.com
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/