Update README.md, CONTRIBUTING.md, SECURITY.md according to the guide…

…lines in template.

(auto-submit 98635 after successfully running remote remote.full)
Job ID: job.9.20230221194432.7041

[git-p4: depot-paths = "//dev/coherence-ce/main/": change = 98639]

CONTRIBUTING.md

@@ -1,55 +1,68 @@
 <!--
-
-  Copyright (c) 2000, 2021, Oracle and/or its affiliates.
+  Copyright (c) 2000, 2023, Oracle and/or its affiliates.
 
   Licensed under the Universal Permissive License v 1.0 as shown at
-  http://oss.oracle.com/licenses/upl.
-
+  https://oss.oracle.com/licenses/upl.
 -->
-# Contributing to Coherence
 
-Oracle welcomes contributions to this repository from anyone.
+-----
+# Contributing to this repository
 
-If you want to submit a pull request to fix a bug or enhance an existing
-feature, please first open an issue and link to that issue when you
-submit your pull request.
+We welcome your contributions! There are multiple ways to contribute.
 
-If you have any questions about a possible submission, feel free to open
-an issue too.
+## Opening issues
 
-## Contributing to the Oracle Coherence Community Edition repository
+For bugs or enhancement requests, please file a GitHub issue unless it's
+security related. When filing a bug remember that the better written the bug is,
+the more likely it is to be fixed. If you think you've found a security
+vulnerability, do not raise a GitHub issue and follow the instructions in our
+[security policy](./SECURITY.md).
 
-Pull requests can be made under
-[The Oracle Contributor Agreement](https://oca.opensource.oracle.com/) (OCA).
+## Contributing code
 
-For pull requests to be accepted, the bottom of your commit message must have
-the following line using your name and e-mail address as it appears in the
-OCA Signatories list.
+We welcome your code contributions. Before submitting code via a pull request,
+you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and
+your commits need to include the following line using the name and e-mail
+address you used to sign the OCA:
 
-```
+```text
 Signed-off-by: Your Name <you@example.org>
 ```
 
-This can be automatically added to pull requests by committing with:
+This can be automatically added to pull requests by committing with `--sign-off`
+or `-s`, e.g.
 
-```
-  git commit --signoff
+```text
+git commit --signoff
 ```
 
-Only pull requests from committers that can be verified as having
-signed the OCA can be accepted.
+Only pull requests from committers that can be verified as having signed the OCA
+can be accepted.
 
-### Pull request process
+## Pull request process
 
-1. Fork this repository
+1. Ensure there is an issue created to track and discuss the fix or enhancement
+   you intend to submit.
+1. Fork this repository.
 1. Create a branch in your fork to implement the changes. We recommend using
-the issue number as part of your branch name, e.g. `1234-fixes`
-1. Ensure that all changes comply to project coding conventions as documented [here](DEV-GUIDELINES.md)
+   the issue number as part of your branch name, e.g. `1234-fixes`.
+1. Ensure that any documentation is updated with the changes that are required
+   by your change.
+1. Ensure that any samples are updated if the base image has been changed.
+1. Ensure that all changes comply to project coding conventions as documented
+   [here](DEV-GUIDELINES.md)
 1. Ensure that there is at least one test that would fail without the fix and
-passes post fix
-1. A full build including test execution is required for the PR
+   passes post fix.
 1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
-what your changes are meant to do and provide simple steps on how to validate
-your changes, ideally referencing the test. Ensure that you reference the issue
-you created as well. We will assign the pull request to 2-3 people for review
-before it is submitted internally and the PR is closed.
+   what your changes are meant to do and provide simple steps on how to validate
+   your changes. Ensure that you reference the issue you created as well.
+1. We will assign the pull request to 2-3 people for review before it is submitted
+   internally and the PR is closed.
+
+## Code of conduct
+
+Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
+like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
+
+[OCA]: https://oca.opensource.oracle.com
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/

README.md

@@ -1,10 +1,8 @@
 <!--
-
-  Copyright (c) 2000, 2022, Oracle and/or its affiliates.
+  Copyright (c) 2000, 2023, Oracle and/or its affiliates.
 
   Licensed under the Universal Permissive License v 1.0 as shown at
   https://oss.oracle.com/licenses/upl.
-
 -->
 
 -----
@@ -421,6 +419,14 @@ Below is an overview of features supported in each Coherence edition for compari
 
 Please refer to <a href="https://docs.oracle.com/en/middleware/fusion-middleware/fmwlc/application-server-products-new-structure.html#GUID-00982997-3110-4AC8-8729-80F1D904E62B">Oracle Fusion Middleware Licensing Documentation</a> for official documentation of Oracle Coherence commercial editions and licensing details.
 
+## Examples
+
+Examples related to Coherence features are located under [examples](./prj/examples) directory of this repository.
+
 ## <a name="contrib"></a>Contribute
 
 Interested in contributing?  See our contribution [guidelines](CONTRIBUTING.md) for details.
+
+## Security
+
+Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process

SECURITY.md

@@ -1,17 +1,46 @@
-# Reporting Security Vulnerabilities
+<!--
+  Copyright (c) 2000, 2023, Oracle and/or its affiliates.
 
-Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.
+  Licensed under the Universal Permissive License v 1.0 as shown at
+  https://oss.oracle.com/licenses/upl.
+-->
 
-Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email.
+-----
+# Reporting security vulnerabilities
 
-We ask that you do not use other channels or contact project contributors directly. 
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
 
-Non-vulnerability related security issues such as great new ideas for security features are welcome on GitHub Issues. 
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
 
-## Security Updates, Alerts and Bulletins
+We ask that you do not use other channels or contact the project maintainers
+directly.
 
-Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update](https://www.oracle.com/security-alerts/) program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past advisories, is available on our [Security Alerts](https://www.oracle.com/security-alerts/) page.
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
 
-## Security-Related Information
+## Security updates, alerts and bulletins
 
-We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use.
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+[Oracle Critical Patch Update][3] program. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:secalert_us@oracle.com
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/

prj/etc/copyright-exclude-windows.txt

@@ -69,3 +69,4 @@ cache-config-UTF8-BOM.xml
 .zip
 .class
 .cdb
+.md

prj/etc/copyright-exclude.txt

@@ -69,3 +69,4 @@ cache-config-UTF8-BOM.xml
 .zip
 .class
 .cdb
+.md