From 1c90f37d5333567dd30e5b9e2d58fb7b1b66853b Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Mon, 2 Feb 2026 11:08:04 +0100 Subject: [PATCH 1/3] update README with pointers to ANSSI open source policy --- README.md | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index b8827b6..926c1cf 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,17 @@ # Guide to develop secure applications with Rust +![badge_repo](https://img.shields.io/badge/ANSSI--FR-rust--guide-white) +[![category_badge_doctrinal](https://img.shields.io/badge/category-doctrinal-%23e9c7e7)](https://github.com/ANSSI-FR#types-de-projets) +[![openess_badge_A](https://img.shields.io/badge/code.gouv.fr-collaborative-blue)](https://documentation.ouvert.numerique.gouv.fr/les-parcours-de-documentation/ouvrir-un-projet-num%C3%A9rique/#niveau-ouverture) + +## French Cybersecurity Agency (ANSSI) + +ANSSI logo + +*This projet is managed by [ANSSI](https://cyber.gouv.fr/). To find out more, +you can go to the +[page](https://cyber.gouv.fr/enjeux-technologiques/open-source/) (in French) +dedicated to the ANSSI open source strategy. You can also click on the badges +above to learn more about their meaning*. ## Objectives 
@@ -40,29 +53,7 @@ $ mdbook serve -o ## Call for Contributions -At this time, this guide is intended to be a living document. It still lacks -important points and details, and future versions of the language and compiler -may render some recommendations obsolete. We are eager to discuss and to receive -contributions from anyone who is aware of common or uncommon pitfalls to avoid, -or good coding practices and tools that can help building more robust software -with the Rust language. - -Thus, feel free to create pull requests to suggest recommendations or -modifications, or to submit an issue to start discussions. Specifically, please -opt for a *pull request* for small changes like: - -- complementing a paragraph, -- adding a small example in the form of code snippet, -- updating some information -- fixing typos and English mistakes, -- etc. - -and for an *issue* in case of more substantive changes: - -- suggesting a new recommendation, -- discussing controversial points, -- rewording a consistent part of the text, -- etc. +See [CONTRIBUTING.md](CONTRIBUTING.md). ## Licence From d69c72eab410c1f4310bf51b764cedbad7a1f0dd Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Mon, 2 Feb 2026 11:08:24 +0100 Subject: [PATCH 2/3] add a separate CONTRIBUTING document --- CONTRIBUTING.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..043f403 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,28 @@ +# Contributing to This Project + +Thank you for your interest in this project. Please read this document +carefully before considering any contributions. + +At this time, this guide is intended to be a living document. It still lacks +important points and details, and future versions of the language and compiler +may render some recommendations obsolete. We are eager to discuss and to receive +contributions from anyone who is aware of common or uncommon pitfalls to avoid, +or good coding practices and tools that can help building more robust software +with the Rust language. + +Thus, feel free to create pull requests to suggest recommendations or +modifications, or to submit an issue to start discussions. Specifically, please +opt for a *pull request* for small changes like: + +- complementing a paragraph, +- adding a small example in the form of code snippet, +- updating some information +- fixing typos and English mistakes, +- etc. + +and for an *issue* in case of more substantive changes: + +- suggesting a new recommendation, +- discussing controversial points, +- rewording a consistent part of the text, +- etc. From 7b48a9dc7c8e78b72d34a5d6db1271bfd0471a50 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Mon, 2 Feb 2026 11:08:34 +0100 Subject: [PATCH 3/3] add a security policy --- SECURITY.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..0849e8f --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,16 @@ +# Security Policy + +## Reporting a Vulnerability + +If you discover a security vulnerability in the recommandations included in +this guide, please help us address it responsibly by following these steps: + +1. **Do not publicly disclose the vulnerability.** +2. Contact us directly at + [opensource@ssi.gouv.fr](mailto:opensource@ssi.gouv.fr) with the following + details: + - A clear description of the issue. + - Steps to reproduce the vulnerability. + - Any potential impact or exploit scenarios. + +Thank you for helping us keep this project secure!
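Review bot: In patch 1/3, README.md hunk `@@ -1,4 +1,17 @@`, the added paragraph says "This projet is managed by"; that should be "This project". The badge alt text `openess_badge_A` has the same kind of slip ("openness"). The added line `ANSSI logo` appears here as bare text with no image markup, so please check that it renders as an image and not as a stray line under the new heading. The new section also notes that the linked strategy page is in French, but the two badge targets carry no such note, although their URLs (`#types-de-projets`, `les-parcours-de-documentation`) suggest French pages too. Marking them the same way would be consistent.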
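Review bot: In patch 1/3, README.md hunk `@@ -40,29 +53,7 @@`, the new line `See [CONTRIBUTING.md](CONTRIBUTING.md).` links to a file that is only created in patch 2/3, so the tree is left with a dangling link after this commit alone. Either move the CONTRIBUTING.md creation ahead of this change or fold the two together. The subject line ("update README with pointers to ANSSI open source policy") also does not mention that the contribution guidelines are removed from the README; a line in the commit message would make that visible in the history.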
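Review bot: In patch 2/3, CONTRIBUTING.md hunk `@@ -0,0 +1,28 @@`, the text asks for a public *issue* for substantive changes and "discussing controversial points" with no exception for security problems, while the SECURITY.md added in 3/3 asks reporters not to disclose publicly. Add a sentence here pointing to SECURITY.md for anything that looks like a vulnerability. Since the text is being moved anyway, this is also a good moment to fix the carried-over wording: `- updating some information` is missing the trailing comma its siblings have, "help building" should be "help build", and "rewording a consistent part of the text" probably means "a substantial part".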
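Review bot: In patch 3/3, SECURITY.md hunk `@@ -0,0 +1,16 @@`, the only reporting channel is a plain e-mail address, with no encryption key or alternative private channel and no statement of when a reporter can expect an acknowledgement. Both are worth adding, since step 1 asks the reporter to hold back disclosure. The first paragraph misspells "recommandations" (should be "recommendations"). Because the policy covers recommendations in a guide, "Steps to reproduce the vulnerability" would be clearer if it also asked for the affected section or recommendation and a minimal code sample showing the problem.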