diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0a197a0..6f0f7af 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,17 +1,9 @@ # Contributing -Contributions are welcome! Please: - 1. Fork the repository -2. Create a feature branch from `main` -3. Ensure all CI checks pass +2. Create a feature branch +3. Ensure SPDX headers on all files 4. Submit a pull request -## Standards - -This project follows the [Rhodium Standard Repository (RSR)](https://github.com/hyperpolymath/standards) conventions. - -## License - -By contributing, you agree that your contributions will be licensed under PMPL-1.0-or-later (with MPL-2.0 as automatic legal fallback). +**Author:** Jonathan D.A. Jewell diff --git a/SECURITY.md b/SECURITY.md index 1dd23aa..46be0a6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,13 +3,11 @@ ## Reporting a Vulnerability -If you discover a security vulnerability, please report it responsibly: +**Email:** j.d.a.jewell@open.ac.uk -- **Email:** j.d.a.jewell@open.ac.uk -- **Do NOT** open a public issue for security vulnerabilities +**Response timeline:** +- Acknowledgement within 48 hours +- Initial assessment within 7 days +- Fix or mitigation within 90 days -We will acknowledge receipt within 48 hours and provide a detailed response within 7 days. - -## Supported Versions - -Only the latest release on the `main` branch is supported with security updates. +**Safe harbour:** We will not pursue legal action against security researchers who follow responsible disclosure.
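Review bot: In the CONTRIBUTING.md hunk, step 3 swaps "Ensure all CI checks pass" for "Ensure SPDX headers on all files", so the CI requirement is dropped rather than supplemented. The same hunk also deletes the License section. That leaves contributors told to add SPDX headers with no statement of which identifier to use, and removes the only sentence saying contributions are licensed under PMPL-1.0-or-later with MPL-2.0 as fallback. Suggest keeping the CI step and adding the SPDX step as a separate item, and retaining the License section (or naming the expected SPDX identifier next to step 3). Step 2 also loses "from `main`"; if the base branch still matters, keep it.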
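Review bot: In the SECURITY.md hunk, the new safe-harbour sentence is conditional on researchers who "follow responsible disclosure", but the hunk removes the one line that said what that means here: "**Do NOT** open a public issue for security vulnerabilities". Suggest restoring that line under the e-mail address, or defining the expected disclosure process next to the safe-harbour statement. The hunk also deletes the Supported Versions section, so the new "Fix or mitigation within 90 days" commitment no longer says which versions it covers. Suggest keeping the statement that only the latest release on `main` receives security updates.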