[ADD] project governance and security documentation

Author: valentin-kaiser

CODE_OF_CONDUCT.md

@@ -0,0 +1,126 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[info@kaiser-bielefeld.de](mailto:info@kaiser-bielefeld.de).
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+[contributor-covenant.org](https://www.contributor-covenant.org/version/2/0/code_of_conduct.html).
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). Translations are available at
+[https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations).

CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# Contributing to go-core
+
+Welcome to the go-core project! Your contributions are highly appreciated. We've designed the process to be straightforward and transparent, whether you're:
+
+- Reporting a bug
+- Discussing code-related matters
+- Submitting fixes
+- Proposing exciting new features
+- Expressing interest in becoming a maintainer
+
+## Embracing GitHub for Development
+
+GitHub is our platform of choice for hosting code, tracking issues and feature requests, and accepting pull requests.
+We follow the [GitHub Flow](https://docs.github.com/de/get-started/quickstart/github-flow) for code changes.
+Pull requests serve as the vehicle for proposing modifications to the codebase.
+We enthusiastically welcome your pull requests using the following steps:
+
+- Fork the repository and create a new branch based on main.
+- If your changes involve new code, incorporate corresponding tests.
+- When altering APIs, remember to update the accompanying documentation.
+- Validate that the test suite passes successfully.
+- Ensure your code aligns with our coding standards.
+- Now you can submit your pull request!
+
+## Reporting Issues via GitHub's Issues Section
+
+We utilize GitHub's issues section to track public bugs.
+Creating a bug report is as easy as opening a new issue using our templates.
+
+## Your Contributions Under the BSD 3-Clause License
+
+By submitting your code changes, you implicitly agree to License your contributions under the same BSD 3-Clause license that governs the project.
+If you have any concerns, don't hesitate to reach out to the maintainers.

SECURITY.md

@@ -0,0 +1,48 @@
+# Security Policy
+
+## Supported Versions
+
+I am dedicated to ensure the security of go-core. To achieve this, I follow the Semantic Versioning (SemVer) scheme, where revisions are in the format "major.minor.patch".
+I will release patches for any security vulnerabilities that are discovered in the latest major or minor release. 
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+I take the security of this project very seriously. If you discover a security vulnerability, I appreciate your responsible disclosure. To report a vulnerability, please follow these steps:
+
+1. **Email**: Send an email to [info@kaiser-bielefeld.de](mailto:info@kaiser-bielefeld.de) with all the details regarding the vulnerability.
+2. **Subject**: Use "[go-core Vulnerability Report]" as the subject line to help me prioritize and identify your report.
+3. **Vulnerability Details**: Please provide a clear and detailed description of the vulnerability, along with the potential impact it may have.
+4. **Reproducibility**: If possible, include step-by-step instructions to reproduce the vulnerability.
+5. **Versions Affected**: Specify which versions of the project are affected by the vulnerability.
+6. **Your Contact**: Include your name, email address, and any other contact information you wish to share.
+
+## Response and Resolution
+
+Once I receive the vulnerability report, I will acknowledge its receipt within 72 hours. I will conduct an initial review to validate the vulnerability and determine its severity.
+
+If the vulnerability is accepted:
+
+- **Fixing Process**: I will prioritize developing a patch for the vulnerability.
+- **Release Timeline**: The patch will be included in the next available release within a reasonable timeframe. Please note that the release cycle might vary, but I will prioritize security fixes.
+- **Credit**: If you desire, I will acknowledge your contribution and give you credit for responsibly reporting the vulnerability.
+
+If the vulnerability is declined:
+
+- **Reasoning**: I will provide a reason for the rejection and explain why the reported issue does not qualify as a security vulnerability.
+
+## Security Updates
+
+To ensure the security of go-core, it is crucial that all users update to the latest supported version promptly. Users of older versions that are no longer supported are strongly recommended to upgrade to a supported version to stay protected against potential security threats.
+
+Thank you for helping me make go-core more secure. Your cooperation and responsible disclosure are essential to maintaining the integrity and trustworthiness of this project.
+
+Please note that this security policy is subject to change over time, so it is advisable to check this document periodically for any updates.
+
+Last Updated: August 1, 2023.