From 174f38305c0f73766d2d74cf146ed77c07e8e166 Mon Sep 17 00:00:00 2001
From: rhodibot <rhodibot@hyperpolymath.dev>
Date: Mon, 13 Apr 2026 07:51:41 +0000
Subject: [PATCH] fix(rhodibot): automated RSR compliance fixes

- Created missing
- Created missing

Co-Authored-By: rhodibot <rhodibot@hyperpolymath.dev>
---
 CONTRIBUTING.md |  9 +++++++++
 SECURITY.md     | 13 +++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 CONTRIBUTING.md
 create mode 100644 SECURITY.md

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..6f0f7af
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,9 @@
+<!-- SPDX-License-Identifier: PMPL-1.0-or-later -->
+# Contributing
+
+1. Fork the repository
+2. Create a feature branch
+3. Ensure SPDX headers on all files
+4. Submit a pull request
+
+**Author:** Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..46be0a6
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+<!-- SPDX-License-Identifier: PMPL-1.0-or-later -->
+# Security Policy
+
+## Reporting a Vulnerability
+
+**Email:** j.d.a.jewell@open.ac.uk
+
+**Response timeline:**
+- Acknowledgement within 48 hours
+- Initial assessment within 7 days
+- Fix or mitigation within 90 days
+
+**Safe harbour:** We will not pursue legal action against security researchers who follow responsible disclosure.