Security: statnett/Talk2PowerSystem

.github/Security.md

Security Policy

This document outlines the security guidelines and best practices for contributing to and using this project.

Responsible Disclosure

If you discover a security vulnerability, please do not report it publicly. Instead, follow the responsible disclosure process:

  1. Report the issue by contacting the project maintainers directly at [security contact email - ToBeAdded].
  2. Provide a detailed description, including:
    • Steps to reproduce the issue.
    • Potential impact.
    • Any recommended mitigation steps.
  3. We will acknowledge receipt of your report and work towards a resolution as soon as possible.

Handling of Sensitive Information

This repository shall not contain or disclose any kraftsensitiv informasjon (power-sensitive information). Contributors must ensure that:

  • No confidential infrastructure details are shared.
  • No sensitive operational data is included in public discussions.
  • No security credentials, API keys, or access details are exposed.

Legal References

The handling of kraftsensitiv informasjon is regulated under Norwegian law, including:

  • Forskrift om sikkerhet og beredskap i kraftforsyningen (Power Contingency Regulation)

  • NVE Report on ICT Security in the Power Sector

Security Best Practices

To ensure a secure development environment, adhere to the following:

  • Follow secure coding principles to prevent vulnerabilities.
  • Regularly update dependencies to mitigate security risks.
  • Use strong authentication mechanisms when accessing infrastructure.
  • Limit access based on the principle of least privilege.
  • Enable logging and monitoring to detect security incidents.

Reporting Security Issues

If you suspect a security issue or improper handling of sensitive information:

  1. Do not disclose the issue publicly.
  2. Contact the security team at [security contact email - ToBeAdded].
  3. Provide necessary details to help investigate the issue.

Thank You

We appreciate your help in keeping this project and its users safe. Your adherence to these guidelines helps ensure a secure and responsible development environment.
